Apple’s Hide My Email feature has a bug that’s been exposing real email addresses, researcher claims

1 hour ago 3
In this photograph  illustration, the logo of Apple Inc. is displayed connected  a smartphone screen, with the company's iconic achromatic  pome  awesome    disposable   successful  the background.Image Credits:Cheng Xin / Getty Images

12:18 PM PDT · July 1, 2026

Apple’s Hide My Email feature is simply a convenient privateness instrumentality that uses disposable addresses to fell a user’s existent email for the involvement of online anonymity. Unfortunately, caller probe appears to amusement that a bug successful the diagnostic allows users’ existent email addresses to beryllium unmasked.

The bug was reported by 404 Media, which says that it has tested and verified that the vulnerability exists. Tyler Murphy, the researcher who recovered the bug, said that helium warned Apple astir the occupation implicit a twelvemonth ago, and that it was unclear wherefore the institution had yet to remedy the problem. All of the attempts to exploit the bug person been successful, Murphy added.

“We don’t cognize the afloat scope of the issue, but successful our constricted tests with volunteers, 100% of Hide My Email addresses were exploitable,” Murphy told the outlet. Details of the vulnerability haven’t been publically disclosed, for fearfulness that it volition beryllium exploited.

Murphy is the co-founder of EasyOptOuts, which offers a paid information removal work that takes your accusation disconnected of information broker sites. He told 404 Media that “publicly accessible people-search sites marque it casual to nexus an email code to different idiosyncratic details, truthful radical relying connected Hide My Email for information whitethorn beryllium astatine risk.”

TechCrunch reached retired to Apple for much accusation and volition update this communicative if it responds.

When it comes to the tech world, privateness tools are hard to travel by and, unfortunately, adjacent erstwhile they bash exist, they don’t ever work. Apple has been accused of this benignant of happening before.

Case successful point: the institution was sued successful 2022 aft it was reported that iPhone apps continued to nonstop analytics information to Apple adjacent erstwhile the iPhone Analytics privateness mounting was turned on.

Similarly, successful 2023, researchers recovered different 1 of Apple’s privateness features to be effectively “useless.” The probe claimed that a instrumentality that was expected to anonymize mobile users’ WiFi connections by providing randomized MAC addresses (an easy trackable identifier) was simply exposing the user’s existent MAC address.

Apple has built a ample portion of its estimation and branding connected idiosyncratic privacy, truthful hopefully it manages to code the evident Hide My Email bug with immoderate expedience. If it tin larn to amended basal down its privateness promises, that wouldn’t beryllium the worst happening successful the satellite either.

When you acquisition done links successful our articles, we whitethorn gain a tiny commission. This doesn’t impact our editorial independence.

Lucas is simply a elder writer astatine TechCrunch, wherever helium covers artificial intelligence, user tech, and startups. He antecedently covered AI and cybersecurity astatine Gizmodo. You tin interaction Lucas by emailing lucas.ropek@techcrunch.com.

Read Entire Article