- Apple Hide My Email may reveal a user’s authentic email address
- Bug puts users at risk of being identified, experts warned
- It has been unpatched for over a year.
A bug in Apple’s ‘Hide My Email’ feature allows those aware of the vulnerability to identify the real email address hidden behind the anonymous email address.
The bug was discovered by EasyOptOuts co-founder Tyler Murphy, who shared the exploit with 404 Media after notifying Apple several times that the feature could be actively exploited.
“We reported the issue and replication instructions to Apple over a year ago. We don’t know why it hasn’t been fixed, but we don’t feel comfortable waiting any longer,” Murphy said.
Hide My Email can be actively exploited
As the bug has not yet been fixed, details of how the exploit works have not been shared.
Apple’s Hide My Email feature was designed to anonymize email addresses, which helps prevent a user’s real email address from being leaked in a data breach, or to prevent a user’s email address from being personally linked to them in a way that could reveal their identity.
That’s the crux of the matter. By exploiting the bug to recover the real email address, a malicious actor could discover the identity of the person behind the anonymous address.
“Free, publicly accessible people search sites make it easy to link an email address to other personal data, so people who rely on Hide My Email for security reasons may be at risk,” Murphy said. “We don’t know the full extent of the problem, but in our limited testing with volunteers, 100% of Hide My Email addresses were exploitable.”
Users concerned about being identified through people search sites can use a data deletion service to remove their data from these sites, but the process may take a few days.
Murphy first reported the issue to Apple in June 2025, and Apple responded a month later that it was investigating the cause of the issue. Earlier this year, in March, Apple said it had “fixed the issue reported in a recent system change,” but Murphy found that the bug could still be exploited.
Again, Murphy notified Apple, who responded in May 2026 by saying, “We are still investigating this issue. To avoid putting our customers at risk, we would appreciate it if you did not disclose this information until our investigation is complete. We appreciate your help in helping us maintain and improve the security of our products.”
Later that month, Apple said a “resolution was expected in the coming weeks.”




