TL;DR

A vulnerability in Apple’s ‘Hide My Email’ feature allows bad actors to discover users’ real email addresses via publicly accessible search sites. Apple has known about the issue since mid-2025 and has been investigating, but it remains unpatched as of July 2026. This flaw threatens user privacy and the effectiveness of the feature.

Apple’s ‘Hide My Email’ feature has a security vulnerability that can allow bad actors to uncover users’ actual email addresses. The flaw, reported by 404 Media, has been known to Apple since June 2025 and remains unpatched as of July 2026. This development raises concerns over user privacy and the security of Apple’s privacy tools.

According to reports from 404 Media, a security flaw exists in Apple’s ‘Hide My Email’ feature, which enables users to generate aliases that forward messages to their real email addresses without revealing them. The vulnerability allows malicious actors to use publicly accessible people-search sites to identify the actual email behind an alias. Tests by researchers showed that within minutes, they could retrieve real email addresses from aliases created with the feature. Apple has acknowledged the issue and confirmed it has been investigating since mid-2025, but as of July 2026, a fix has not yet been deployed.

Experts, including Tyler Murphy of EasyOptOuts, state that the exploit appears to be effective on multiple aliases tested. Murphy noted that Apple was informed of the vulnerability over a year ago, and while the company initially responded with an investigation, no patch has been released publicly. Apple has continued to confirm ongoing investigations, but users remain at risk.

At a glance
updateWhen: ongoing; publicly reported in July 2026…
The developmentSecurity researchers have identified a flaw in Apple’s ‘Hide My Email’ that can expose users’ real email addresses to malicious actors using free search sites.

Potential Privacy Risks for Apple Users

This flaw undermines the core purpose of ‘Hide My Email,’ which is to protect user identities during online sign-ups. If malicious actors can easily discover real email addresses, users’ privacy is compromised, increasing risks of spam, phishing, and targeted attacks. The issue also raises questions about Apple’s ability to secure its privacy features and the impact of ongoing investigations on user trust.

Suptek TV Wall Bracket Mount Swivel and Tilt for Most 15"-32" LED, LCD, OLED Flat Screen TVs and Monitors with VESA 75x75-100x100mm up to 13kg Full Motion Monitor Wall Bracket MA2720

Suptek TV Wall Bracket Mount Swivel and Tilt for Most 15"-32" LED, LCD, OLED Flat Screen TVs and Monitors with VESA 75x75-100x100mm up to 13kg Full Motion Monitor Wall Bracket MA2720

PERFECT TV WALL BRACKET – This Suptek tv wall bracket is a great all-round TV wall mount that...

As an affiliate, we earn on qualifying purchases.

Background and Past Concerns About ‘Hide My Email’

‘Hide My Email’ was introduced as part of Apple’s broader privacy initiatives, allowing users to create unique aliases for online accounts. This feature is widely used by privacy-conscious individuals to prevent data leaks from third-party services. In recent months, reports emerged that Apple planned to change the alias domain from @icloud.com to @private.icloud.com, which could make aliases more identifiable and reduce their effectiveness. The current vulnerability adds to concerns about the feature’s robustness and future modifications.

While Apple has generally been praised for its privacy protections, this flaw highlights that even well-designed features can have security gaps. The company has acknowledged the issue and is reportedly working on a fix, but details remain undisclosed.

“Almost anyone can use publicly accessible search sites to discover the real email behind a ‘Hide My Email’ alias.”

— an anonymous researcher

Suixing Outlet Wall Mount Holder Stand Hanger for 3rd Generation, for Your Smart Home 3rd Gen Speakers, Place on Kitchen, Bedroom & Bathroom, Hide Messy Wires(Black, 1Pack)

Suixing Outlet Wall Mount Holder Stand Hanger for 3rd Generation, for Your Smart Home 3rd Gen Speakers, Place on Kitchen, Bedroom & Bathroom, Hide Messy Wires(Black, 1Pack)

① Package Includes: 1 x Outlet Wall Mount (Black).

As an affiliate, we earn on qualifying purchases.

Extent of the Vulnerability and Future Fixes

It is not yet clear how widespread the vulnerability is across all users or whether Apple has implemented any interim measures. The timeline for a permanent fix remains uncertain, and it is unknown if future changes to alias domains will affect the exploit’s effectiveness.

NOTMBESTM Universal Smart Speaker Wall Mount Shelf Holder for Echo Devices/Homepod mini/Sonos Compatible with Google WiFi Mount Bracket Fit for TP-Link Deco/Eero/Nest WiFi System (Black)

Universal Wall Mount Shelf: It is fit for most smart speaker/ mesh wifi system/ Security Camera, Like google...

As an affiliate, we earn on qualifying purchases.

Expected Actions and User Guidance Moving Forward

Apple is expected to continue investigating the flaw, with a potential patch forthcoming. Users are advised to remain cautious, avoid sharing aliases publicly, and stay updated on official security advisories. Researchers and security experts will monitor developments to confirm when a fix is deployed and assess the vulnerability’s impact.

Mount Plus MP-APM-03-01 Top Shelf TV 5-inch Wide Flat Panel Adjustable Clip Mount Holder for Streaming Device, Media Boxes, Speakers Mount Made for Apple TV (1 Pack 5 Inch)

Mount Plus MP-APM-03-01 Top Shelf TV 5-inch Wide Flat Panel Adjustable Clip Mount Holder for Streaming Device, Media Boxes, Speakers Mount Made for Apple TV (1 Pack 5 Inch)

Compatible: with most media devices. Compatible with Echo Dot. Compatible with Roku. Compatible with Apple TV. Compatible with...

As an affiliate, we earn on qualifying purchases.

Key Questions

Can my real email be discovered through ‘Hide My Email’?

Yes, according to recent reports, malicious actors can use publicly accessible search sites to identify the real email address behind a ‘Hide My Email’ alias.

Has Apple acknowledged this vulnerability?

Yes, Apple has known about the issue since June 2025 and confirmed ongoing investigations, but a fix has not yet been publicly released as of July 2026.

What should I do to protect my privacy now?

Users should avoid publicly sharing their ‘Hide My Email’ aliases and stay informed about updates from Apple regarding security patches.

Will Apple change the alias domain to make it more identifiable?

Reports suggest Apple plans to change the domain from @icloud.com to @private.icloud.com, which could make aliases more recognizable and potentially reduce their privacy benefits.

When will the vulnerability be fixed?

There is no confirmed timeline for a fix, but Apple has indicated it is actively working on a solution. Users should watch for official updates.

Source: Lifehacker

You May Also Like

Why I’m Forced to Say Farewell: Google Management Has Lost Its Moral Compass

A Google employee resigns, citing management’s abandonment of ethical principles, including deals with the US military and climate commitments, prompting questions about corporate morality.

How Package Detection Changes the Value of Video Doorbells

Smart package detection enhances your video doorbell’s value by delivering precise alerts, but how exactly does it transform your home security?

How Smart Locks With Fingerprint Access Change Entry Routines

Keen to simplify your entry routine, smart locks with fingerprint access offer faster, more secure access—discover how they can transform your daily life.

How Smart Locks Fit Into a Modern Home Security Plan

Discover how smart locks seamlessly integrate into modern security systems, offering convenience and control—find out what options best suit your home.