Apple's 'Hide My Email' Reportedly Exposes Your Real Email Address

TL;DR

A vulnerability in Apple’s ‘Hide My Email’ feature allows bad actors to uncover users’ real email addresses. Apple has known about the issue since mid-2025 and is reportedly working on a fix. The flaw raises privacy and security concerns for users relying on the feature.

Apple’s ‘Hide My Email’ feature, designed to protect user privacy by generating anonymous email aliases, has a security flaw that can expose users’ real email addresses to malicious actors. This vulnerability, reported by 404 Media, has been known to Apple since June 2025 and is still unpatched as of July 2026, raising concerns about the effectiveness of the privacy tool.

According to reports, bad actors can exploit the ‘Hide My Email’ feature by using free, publicly accessible people-search sites to discover the real email addresses behind aliases. The flaw was tested by Lifehacker and other researchers, who found that within minutes of receiving an alias, they could retrieve the actual email address associated with it. This vulnerability affects users who rely on ‘Hide My Email’ for privacy, especially when signing up for third-party services or online accounts.

Apple responded to the reports by confirming it was aware of the issue since June 2025 and had been investigating it. The company announced a patch in March 2026 but, according to recent reports, the flaw persists as of July 2026. Apple is reportedly continuing its investigation, with some sources indicating that a fix may still be in development.

At a glance
updateWhen: ongoing; publicly reported in July 2026…
The developmentSecurity researchers have identified a flaw in Apple’s ‘Hide My Email’ that exposes users’ actual email addresses through public search sites.

Potential Privacy Risks for ‘Hide My Email’ Users

This flaw undermines the primary purpose of ‘Hide My Email,’ which is to protect user identities and prevent exposure of personal contact information. If malicious actors can uncover real addresses, it could lead to targeted phishing, spam, or identity theft. The issue also questions the reliability of Apple’s privacy claims, especially as the company prepares to change the alias domain, which could further reduce the feature’s effectiveness.

Ailun Privacy Screen Protector for iPhone 17e / iPhone 16e / iPhone 14 / iPhone 13 / iPhone 13 Pro [6.1 Inch] 2 Pack Anti Spy Private Tempered Glass Case Friendly [Not for iPhone 16 6.1 Inch]

Ailun Privacy Screen Protector for iPhone 17e / iPhone 16e / iPhone 14 / iPhone 13 / iPhone 13 Pro [6.1 Inch] 2 Pack Anti Spy Private Tempered Glass Case Friendly [Not for iPhone 16 6.1 Inch]

[2 Pack] This product includes 2 pack privacy screen protectors.WORKS FOR iPhone 17e/16e/14/iPhone 13/13 Pro 6.1 Inch tempered…

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Background and Previous Concerns About ‘Hide My Email’

‘Hide My Email’ was introduced as part of Apple’s broader privacy initiatives, allowing users to generate random email addresses that forward to their real inboxes. The feature is widely used by privacy-conscious users to avoid sharing personal email addresses with untrusted services. In recent weeks, reports emerged that Apple plans to change the domain of these aliases from @icloud.com to @private.icloud.com, which could make it easier for automated systems to identify aliases and reduce their anonymity. The vulnerability’s discovery adds to growing concerns about the feature’s robustness and Apple’s handling of privacy protections.

“Almost anyone can use publicly accessible search sites to uncover the real email address behind a Hide My Email alias.”

— an anonymous researcher

Amazon

email alias protection tools

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Extent and Impact of the Vulnerability Still Unclear

While tests indicate the vulnerability is real and exploitable, the full scope of affected users and potential damage remains unclear. Apple has not disclosed detailed technical information or the number of users impacted, and it is not yet confirmed how widespread or persistent the flaw is across different alias types or account setups.

Amazon

secure email forwarding services

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Expected Timeline for Fixes and Policy Changes

Apple is expected to continue its investigation into the vulnerability, with a possible software update or patch in the coming weeks or months. Additionally, the company may delay or modify its plans to change the alias domain to @private.icloud.com, which could further influence the feature’s security and user privacy. Users are advised to remain cautious and monitor official updates.

Phishing Prevention Guide: The psychology behind phishing scams | How hackers use phishing | Email & SMS scam prevention | Real-world phishing attack examples | Defending against phishing

Phishing Prevention Guide: The psychology behind phishing scams | How hackers use phishing | Email & SMS scam prevention | Real-world phishing attack examples | Defending against phishing

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Key Questions

Can my real email address be exposed through ‘Hide My Email’?

Yes, if exploited, the vulnerability can allow bad actors to discover your actual email address associated with a ‘Hide My Email’ alias, especially using publicly accessible search sites.

Has Apple acknowledged this flaw?

Yes, Apple has been aware of the issue since June 2025 and has confirmed ongoing investigations, with plans to address it in future updates.

Will the upcoming change to alias domains make the feature less secure?

Potentially, yes. Changing alias domains to @private.icloud.com could make it easier for automated systems to identify and block these aliases, reducing their effectiveness for privacy.

Should I stop using ‘Hide My Email’ until the issue is fixed?

It is advisable to remain cautious and stay updated on official Apple advisories. Users should consider alternative privacy measures if they are concerned about exposure.

When might a fix or update be available?

There is no official timeline yet, but Apple is expected to release a patch within the next few weeks or months as investigations continue.

Source: Lifehacker

You May Also Like

Fable 5 Is Back. GPT-5.6 Is Next. And Anthropic Reportedly Already Has Something Stronger.

Anthropic is restoring Claude Fable 5 after U.S. export controls were lifted, while GPT-5.6 remains gated and a stronger Anthropic model is rumored.

How Geofencing Alerts Are Commonly Used

Knowing how geofencing alerts are commonly used reveals innovative ways to enhance marketing, security, and safety—discover the possibilities that await you.

Mozilla to UK regulators: VPNs are essential privacy and security tools

Mozilla urges UK regulators to preserve access to VPNs, emphasizing their role in online privacy and security, amid proposed restrictions under the UK’s Online Safety Act.

Apple decided not to roll out Siri in EU after denied request for exemption

Apple has decided not to launch Siri in the European Union after its request for regulatory exemption was denied by authorities.