Apple Hide My Email Doesn't Hide Your Email
A vulnerability in Apple's Hide My Email lets almost anyone uncover the real email addr 2026-7-1 15:0:42 Author: www.internationalcyberdigest.com(查看原文) 阅读量:4 收藏

A vulnerability in Apple's Hide My Email lets almost anyone uncover the real email address the feature is meant to keep private, and Apple has failed to fix it for more than a year, according to 404 Media and the security researcher who reported it.

Hide My Email is part of Apple's paid iCloud+ service. It generates a random alias, usually two words and a number ending in @icloud.com, that people can use in place of their personal address when signing up for services or emailing contacts. Users rely on it to cut spam, keep accounts from being tied to their real identity, and limit the fallout if a service they joined is later breached.

Tyler Murphy, co-founder of the data-removal company EasyOptOuts, found the flaw and reported it to Apple. In limited testing with volunteers, every Hide My Email address the team checked could be exploited to reveal the underlying real address. Murphy cautioned that the full scope of the problem is not yet known.

404 Media said it confirmed the issue itself. A reporter created a fresh Hide My Email alias and passed it to Murphy, who responded about five minutes later with the real address linked to the reporter's Apple account. The outlet said it is withholding technical details because the flaw remained exploitable when it verified the problem this week.

Murphy first reported the issue to Apple in June 2025. Apple replied a month later saying it was looking into it, and in March 2026 told him it had addressed the problem in a recent system change. Murphy found it still worked. According to 404 Media, Apple later said it was still investigating and asked him to hold off on disclosure until its work was complete.

At the end of May, Apple said it expected to fix the issue in a security update in the coming weeks, the report says. Murphy suggested Apple pause new Hide My Email sales until the flaw was patched. He ultimately took the issue to the media, saying he did not "feel comfortable waiting any longer" and that users deserved to know their hidden addresses might be exposed.



International Cyber Digest

Get the ICD Newsletter

Subscribe for source-forward cyber news, OSINT notes, breach updates, and analysis. Have evidence or a lead? Send it to ICD.


Subscribe

Get the ICD Newsletter: cyber news, OSINT notes, sources, and analysis.

Great! Check your inbox and click the link

Please enter a valid email address!



文章来源: https://www.internationalcyberdigest.com/apple-hide-my-email-doesnt-hide-your-email/
如有侵权请联系:admin#unsafe.sh