Apple's 'Hide My Email' might have a flaw that could expose your real email address

Apple has allegedly left a vulnerability in its "Hide My Email" feature unfixed for over a year after being notified. Discovered by security researcher Tyler Murphy and reported by 404 Media, the flaw could expose users' real email addresses. Technical details remain undisclosed to prevent exploitation. Despite the time elapsed, Apple has not addressed the issue, leaving users who rely on the feature for privacy potentially exposed.

It might not be as safe as we thought

Murphy claims that every test he conducted successfully exploited the vulnerability: in limited tests involving volunteers, he said, every address created with this feature revealed the user's real email address. It is understood that the security flaw was reported to Apple in June 2025 along with steps to reproduce it. Apple confirmed receipt of the report the following month and said an investigation was underway.

In March 2026, Apple announced that the issue had been addressed through system changes. However, Murphy found that the vulnerability still existed and then provided additional information to Apple. The company later said that the investigation was ongoing. In May, Apple again asked Murphy not to disclose the issue publicly until the investigation was completed, and said that a security update would be released within weeks.

Murphy also suggested that Apple temporarily suspend the creation of new Hide My Email addresses to reduce the risk to users. However, there is no indication that the suggestion will be implemented.

If true, Apple will need to step up its security

For reference, Hide My Email is a feature provided to iCloud+ customers to randomly generate temporary email addresses when registering an account or dealing with third-party services. The feature aims to hide users' real email addresses from spam, data leaks, and identity tracking.

According to Murphy, an exposed real email address can be matched with other personal information through various people-search databases that are freely available on the internet, potentially increasing the risk to users who rely on Hide My Email to protect their identities.

To date, Apple has not issued any statement regarding the allegations. Personally, we find this rumour alarming, especially for iPhone users in Malaysia. However, do take this news with a grain of salt because Apple has not confirmed anything yet.