A researcher has alleged that a flaw in Apple’s Hide My Email feature can expose users’ real email addresses, potentially undermining a tool designed to help people keep their identities private online. The issue was reported by 404 Media, which said it tested and confirmed the vulnerability. Tyler Murphy, who said he discovered the bug, stated that he alerted Apple more than a year ago and that the problem still had not been fixed.
Hide My Email is intended to let users create disposable email addresses so their actual address remains hidden when signing up for apps, websites, or services. Murphy said that in limited tests with volunteers, every Hide My Email address examined could be exploited. Technical details of the flaw have not been made public because of concerns that disclosure could make abuse easier.
Murphy, co-founder of the data-removal service EasyOptOuts, argued that the problem could have broader privacy implications because publicly available people-search sites may allow an exposed email address to be linked to other personal information. That could increase risks for people who depend on the feature for safety or anonymity. Apple had not responded to a request for comment in the reporting cited.
The report also adds to previous scrutiny of Apple’s privacy tools. In 2022, the company was sued after reports said iPhone apps continued sending analytics data to Apple even when the iPhone Analytics setting was turned on. In 2023, researchers also said a separate Apple privacy feature meant to randomize Wi-Fi MAC addresses could reveal the real identifier instead. Apple has made privacy a central part of its public branding, and the latest claim is likely to intensify attention on how reliably those protections work in practice.
