Apple’s privacy-focused image is now in question following reports by cybersecurity experts of a loophole in the Hide My Email service of the tech giant, which has the potential to reveal users’ genuine email addresses.
The security problem affects iCloud+ customers, who use this service to hide their email address while subscribing to various services. According to the reports, the flaw has been unresolved for more than a year.
The bug was found by Tyler Murphy, one of the founders of EasyOptOuts, and initially reported to Apple in June 2025. According to Murphy, Apple acknowledged the report and then told him in March 2026 that the bug was fixed. But the follow-up test indicated that the bug was still present.
404 Media independently verified that the exploit could reveal the actual email address behind a Hide My Email alias. Murphy noted that each alias tested in voluntary trials was affected, but the technical aspects of the problem were not revealed for security reasons.
Hide My Email is one of Apple's flagship privacy features included with iCloud+. It generates random email aliases that forward messages to a user's primary inbox, helping reduce spam and prevent websites from accessing personal email addresses.
At present, there has been no security update issued by Apple to resolve the problem. Reports reveal that the tech giant asked the researcher to refrain from disclosing details about the problem before the completion of the investigation.
It is reported that in the coming months, Apple will move Hide My Email aliases to the @private.icloud.com domain. It is supposed to help unite all privacy services of the company. However, as privacy specialists state, this action could help websites to identify and block aliases used anonymously.
Until Apple releases a fix, Security researchers recommend that users avoid using the service for sensitive tasks such as online banking, healthcare, or business. Moreover, users should use two-factor authentication, regularly check the aliases list, remove unnecessary aliases, and install all security updates.
Also read: Apple’s 20th Anniversary Plan Leaks: 4 New iPad Pros, Redesigned MacBook Pro in Testing