Apple's Hide My Email feature has an unresolved bug that exposes email addresses.
100% exploitable during limited testing, this vulnerability has been known since June 2025 and remains unfixed today.
Apple has been promoting its Hide My Email feature to protect users' real email addresses, but it contains a flaw that defeats its purpose. The most troubling aspect is that the company has been aware of this issue for a year.
Hide My Email, included in Apple's paid iCloud+ service, allows users to create anonymous email addresses for website sign-ups, keeping their personal or work emails free from promotional content and spam.
However, a team from 404 Media, along with a security researcher, has confirmed that this feature has a bug that links the anonymous addresses back to users' actual Apple ID emails.
What transpired here?
Tyler Murphy, co-founder of the privacy tool EasyOptOuts, reported the vulnerability to Apple in June 2025. Apple acknowledged the issue a month later and began an investigation.
By March 2026, Apple informed Murphy that the problem had been addressed in an update, which typically indicates a fix. However, when Murphy re-tested it, he found that the issue persisted and provided Apple with further details.
As recently as May 2026, Apple communicated to Murphy that it was still looking into the matter and requested that he refrain from sharing the information publicly. The company also mentioned that a fix was anticipated "in the coming weeks," which has yet to materialize.
To verify independently, 404 Media assessed the issue this week by generating a new Hide My Email address and sharing it with Murphy. Approximately five minutes later, Murphy was able to identify the real email address linked to that Apple account.
What does this mean for users?
In Murphy's initial tests, all Hide My Email addresses were found to be exploitable.
Given that people-search platforms can associate an email address with a name, location, and other personal information, anyone relying on Hide My Email for protection may be at risk.
The outlet has withheld the technical specifics of the exploit as it is still active.
Additionally, Hide My Email is poised to become significantly less effective, but for a different reason. A separate report from June 2026 indicated Apple's intention to transition generated email addresses from the icloud.com domain to private.icloud.com.
This change would make it simpler for websites and services to recognize and block these addresses, thereby diminishing their effectiveness in avoiding spam and unwanted tracking.
For more than five years, Shikhar has continued to clarify advancements in consumer technology and share them effectively.
Apple's M6 chip isn't even out yet, but you can expect to see M7 Macs in early 2027.
Apple is said to be fast-tracking its next-generation silicon plans, even before the M6 has launched.
While the M6 chip is still anticipated to be revealed later this year, Apple may already be gearing up for the next iteration. According to Mark Gurman's recent report for Bloomberg, the company aims to introduce its first M7-equipped devices by the first half of 2027, suggesting a quicker silicon update cycle than previously anticipated.
M7 could debut alongside new Macs and iPads.
The entry-level MacBook Pro is expected to receive a design refresh in 2027, and it’s about time.
After five years with the same chassis, both tiers of the MacBook Pro are set to receive new designs simultaneously.
According to Bloomberg, Apple is preparing to launch a new MacBook Pro early next year, including a 14-inch model in the first half of 2027. The most surprising aspect will be a completely new design language, referred to as "a revamped entry-level MacBook Pro, code-named K104."
A study reveals that people are likely to converse with AI representations of deceased loved ones as forms of reincarnation, and it’s rather grim.
The initial AI ghost study findings are as complex as one might expect.
A new study from the University of Colorado Boulder confirms a concept that is both impressive and concerning. Individuals find engaging with AI simulations of their deceased loved ones deeply significant, and most express a desire to do it again. The researchers describe it as a "generative ghost," referencing generative AI, but I'd personally prefer to label it unsettling.
Other articles
Apple's Hide My Email feature has an unresolved bug that exposes email addresses.
A year-old flaw in Apple's Hide My Email could reveal users' actual email addresses. Apple stated that it resolved the issue in March 2026, but independent tests indicate that it remains unaddressed.
