News

Apple Faces Fresh Privacy Questions Over ‘Hide My Email’ Security Flaw

Apple Hide My Email Bug May Expose Your Real Email Address: Researchers Warn Millions of iCloud+ Users as Unpatched Privacy Flaw Raises Fresh Concerns Over Apple's Security Promises

Written By : Poulami Saha
Reviewed By : Achu Krishnan

Apple’s privacy-focused image is now in question following reports by cybersecurity experts of a loophole in the Hide My Email service of the tech giant, which has the potential to reveal users’ genuine email addresses. 

The security problem affects iCloud+ customers, who use this service to hide their email address while subscribing to various services. According to the reports, the flaw has been unresolved for more than a year.

Apple Hide My Email Bug May Reveal Users' Real Email Addresses

The bug was found by Tyler Murphy, one of the founders of EasyOptOuts, and initially reported to Apple in June 2025. According to Murphy, Apple acknowledged the report and then told him in March 2026 that the bug was fixed. But the follow-up test indicated that the bug was still present.

404 Media independently verified that the exploit could reveal the actual email address behind a Hide My Email alias. Murphy noted that each alias tested in voluntary trials was affected, but the technical aspects of the problem were not revealed for security reasons.

Hide My Email is one of Apple's flagship privacy features included with iCloud+. It generates random email aliases that forward messages to a user's primary inbox, helping reduce spam and prevent websites from accessing personal email addresses.

Apple Yet to Release a Public Fix

At present, there has been no security update issued by Apple to resolve the problem. Reports reveal that the tech giant asked the researcher to refrain from disclosing details about the problem before the completion of the investigation.

It is reported that in the coming months, Apple will move Hide My Email aliases to the @private.icloud.com domain. It is supposed to help unite all privacy services of the company. However, as privacy specialists state, this action could help websites to identify and block aliases used anonymously.

Until Apple releases a fix, Security researchers recommend that users avoid using the service for sensitive tasks such as online banking, healthcare, or business. Moreover, users should use two-factor authentication, regularly check the aliases list, remove unnecessary aliases, and install all security updates.

Also read: Apple’s 20th Anniversary Plan Leaks: 4 New iPad Pros, Redesigned MacBook Pro in Testing

Gamers, Get Ready! EA Sports FC Pro Mobile Kicks Off MEA Qualifier Registration on July 7

Hub71 Startup Funding Nears AED10 billion as Abu Dhabi Pushes Global Tech Ambitions

Goldman Lampe Acquires $137 Million in Bitcoin as Institutional Adoption Grows

First Look: Leaked Galaxy Glasses App Reveals Charging Case, ‘Find My Glasses’, and Gemini AI

Meta Brings Token Billing to WhatsApp AI Agent, Restores Messaging Fees