A significant flaw has been discovered in Apple's Hide My Email feature, which is intended to protect users' real email addresses by generating unique, random addresses that forward to their personal inbox. However, a researcher has found a vulnerability that could allow an attacker to uncover a person's actual email address, defeating the purpose of the feature. The technical details of the vulnerability have not been disclosed to prevent exploitation, but the issue has been independently verified by 404 Media1. This vulnerability poses a significant concern for users who rely on Hide My Email to maintain their privacy. The fact that the feature is designed to conceal real email addresses makes this vulnerability particularly troubling. This matters to practitioners because it highlights the importance of thoroughly testing and securing features designed to protect user privacy, as even seemingly robust measures can have hidden weaknesses that can be exploited by attackers.
Apple’s Hide My Email doesn’t hide it very well
⚡ High Priority
Why This Matters
404 Media reports that a researcher has found a vulnerability in Apple’s Hide My Email feature that could allow someone to discover a person’s real email address.
References
- Malwarebytes Labs. (2026, July 2). Apple’s Hide My Email doesn’t hide it very well. Malwarebytes. https://www.malwarebytes.com/blog/news/2026/07/apples-hide-my-email-doesnt-hide-it-very-well
Original Source
Malwarebytes Labs
Read original →