Apple Hide My Email feature exposes real addresses via bug

Original: Apple’s Hide My Email feature has a bug that’s been exposing real email addresses, researcher claims

Why This Matters

Privacy tool vulnerability undermines Apple's core brand promise and exposes millions of users to identity linking risks.

Researcher Tyler Murphy reported discovering a bug in Apple's Hide My Email privacy feature that allows real email addresses to be unmasked. Murphy claims he warned Apple over a year ago, with 100% exploitation success rate in tests, but the company has not fixed the vulnerability.

Apple's Hide My Email feature, designed to protect user privacy through disposable email addresses, contains a vulnerability that exposes users' actual email addresses, according to research verified by 404 Media. Tyler Murphy, co-founder of data-removal service EasyOptOuts, discovered the bug and reported it to Apple more than one year ago. In limited testing with volunteers, Murphy achieved a 100% exploitation rate on Hide My Email addresses. The specific technical details of the vulnerability have not been publicly disclosed to prevent misuse. Murphy warned that publicly accessible people-search sites can easily link exposed email addresses to other personal information, putting users who rely on Hide My Email for safety at significant risk. Apple has not yet responded to requests for comment. This incident adds to a pattern of privacy feature issues at Apple: in 2022, the company was sued after iPhone apps continued sending analytics data despite the iPhone Analytics setting being disabled, and in 2023, researchers found Apple's MAC address randomization feature ineffective, with devices exposing real MAC addresses instead.

Source

techcrunch.com — Read original →