Apple’s Hide My Email Feature Reportedly Exposed Real iCloud Addresses for Over a Year

news
Apple’s Hide My Email Feature Reportedly Exposed Real iCloud Addresses for Over a Year

Apple’s Hide My Email service is facing fresh privacy concerns after a reported flaw allowed the real iCloud address behind an anonymous email alias to be identified. The issue was reportedly discovered in June 2025, but Apple has not yet delivered a public fix more than a year later.

Hide My Email is part of iCloud+ and is designed to let people create random email aliases when signing up for websites, newsletters, shopping accounts, and other online services. Messages sent to those aliases are forwarded to the user’s real inbox, while the original address is meant to remain hidden.

If the reported flaw can reveal that original address, it undermines the main purpose of the feature.

Hide My Email Is Supposed to Keep Your Main Address Private

The service is meant to reduce spam, tracking, and unwanted contact by giving each website a separate anonymous address. You can disable an alias later if it starts receiving unwanted messages, without changing your main email account.

Hide My Email featureIntended purpose
Random email aliasesKeeps your real address private
Email forwardingSends messages to your main inbox
Alias controlsLets you disable unwanted addresses
iCloud+ integrationWorks across Apple services and devices
Privacy protectionLimits tracking and data collection

The reported vulnerability would allow someone to connect a Hide My Email alias back to the real iCloud account behind it. That could expose an address you specifically chose not to share with a website or service.

Apple Was Reportedly Told About the Issue in 2025

The flaw was reportedly identified by privacy researcher Tyler Murphy in June 2025. Apple was said to have been informed about the issue and later indicated that a fix was being prepared.

The company reportedly claimed the problem had been resolved in March, but the researcher later found that the exploit still worked. Apple then reportedly asked that the details remain private while it continued working on a fix.

As of July 2026, the issue is still said to be unresolved.

TimelineReported development
June 2025Vulnerability reportedly discovered
March 2026Apple reportedly said the issue was fixed
May 2026Fix reportedly expected within weeks
July 2026Problem reportedly still remains

Apple has not publicly confirmed the technical details of the flaw or provided a timeline for a patch.

Why the Report Raises Serious Privacy Questions

Hide My Email is not a free convenience feature for every Apple account. It is part of the paid iCloud+ service, which makes the alleged issue more concerning for subscribers who rely on it to separate their real address from online accounts.

A hidden address can be important for journalists, activists, business owners, people avoiding harassment, and anyone trying to reduce unwanted contact. Even for ordinary users, email aliases are often used to limit spam and prevent websites from linking multiple registrations to a primary inbox.

If an alias can be traced back to the main address, those protections become far less useful.

What iCloud+ Users Can Do for Now

Until Apple provides a confirmed fix, people who rely on Hide My Email for sensitive accounts may want to be cautious about where they use new aliases.

You can also review existing aliases and disable any that are no longer needed. For highly sensitive accounts, using a separate email provider or a dedicated mailbox not linked to your primary identity may offer more separation.

The reported issue does not mean every Hide My Email alias has been exposed. However, it raises a significant question about whether Apple’s privacy feature has worked as promised for affected accounts.

Apple will need to provide clearer information about the flaw, its scope, and the final fix before iCloud+ subscribers can be confident that their real email addresses are properly protected.

Discover: News

Discussion (0)

Be the first to comment.