Apple’s Hide My Email Still Leaks Real Addresses
*404 Media confirmed that a flaw reported to Apple more than a year ago continues to expose the real email addresses behind iCloud’s Hide My Email feature.*
The Report
404 Media published details of the issue on July 1. The outlet withheld the exact reproduction steps because the flaw remained active at the time of publication. A 404 Media staff member generated a new Hide My Email address and confirmed with the original reporter that the real address could be recovered.
Discovery and Disclosure
Tyler Murphy, co-founder of EasyOptOuts, found the problem and sent replication instructions to Apple more than twelve months earlier. Murphy told 404 Media that the company has not explained the delay in fixing the issue. “Hide My Email users deserve to know that it may be possible for attackers to discover their hidden email addresses,” he said.
Apple’s Response
Neither source records any public statement from Apple. The company has not confirmed receipt of the report or provided a timeline for remediation.
Why It Matters
Users adopted Hide My Email precisely to keep their primary address private. When that protection fails, the service stops delivering its stated benefit and instead creates a false sense of security. Apple has offered no indication that it intends to close the gap quickly, leaving anyone who generated addresses through the feature exposed until a fix ships.
---
Sources:
No comments yet