Written By Deepti Ratnam
Published By: Deepti Ratnam | Published: Jul 02, 2026, 08:57 AM (IST)
Apple introduced its Hide My Email feature at WWDC 2021 as part of iOS 15, iPadOS 15, and macOS Monterey and since then it has always known a simple feature to protect user’s privacy online. However, a new report indicates that this privacy tool may not be as secure as user’s believed it to be. As per report by 404 Media, Apple’s Hide My Email feature is attacked with a vulnerability and it could allow attackers to uncover user’s email addresses. The issue was discovered by a security researcher named Tyler Murphy. As per his claims, he has already informed Apple about the bug more than a year ago. Also Read: Gmail Unsubscribe Scam: One Click Could Expose Your Entire Inbox - How To Be Safe
Murphy told 404 Media that his team tested the vulnerability in all these instances and it worked. He says they were able to exploit the bug in small tests with volunteers.
The full extent of the problem remains unknown, but in tests with volunteer address provided by us, 101% of Hide My Email addresses were vulnerable, Murphy reportedly said.
The researcher has not made the technical details of the bug public to minimize the chances of it being misused before the fix is available from Apple.
With Hide My Email users can remain anonymous by generating disposable email addresses that can be set up to forward to the user’s main email address. This allows websites, apps and marketers to not learn the actual email address of a person.
Murphy, also a co-founder of data broker side EasyOptOuts, which helps users delete their personal data from data broker sites, noted that “exposed” email addresses may be combined with other publicly available personal data by means of online people search services.
If the vulnerability is exploited, those who use Hide My Email for privacy and/or personal safety may be even more exposed.
As of this writing, Apple has not commented on the vulnerability in any manner. TechCrunch reported that it is trying to reach the company for comment, but hasn’t heard back.
Apple has not made an official statement, so it is unclear what is the extent of the problem, if Apple has confirmed the problem, or when the fix will be released.
Apple has developed a brand and reputation that it strives to preserve user privacy, but it has also been slammed for similar problems in the past.
Apple was targeted in 2022 following reports that some of its iPhone apps continued to send analytics data even after users turned iPhone Analytics off in their privacy settings.
The following year, a group of researchers also put another Apple privacy security to the test by pretending to be random Wi-Fi MAC addresses.
There is no indication that the reported Hide My Email vulnerability is being exploited in the wild. It has not been disclosed in detail, however, so users cannot check for themselves if their email aliases are impacted.
The vulnerability is not addressed by Apple, and until the company responds, it is a privacy concern that has not been resolved and may have the potential to undermine one of Apple’s most popular privacy features.