Don’t Be Fooled: Apple’s ‘Hide My Email’ Feature Can Reveal Your Real Email Address
Apple’s “Hide My Email” feature is defeating its own purpose by leaking users’ real email addresses. Tyler Murphy, a cybersecurity researcher and co-founder of the data removal service EasyOptOuts, told 404 Media this week that he found a flaw that allows almost anyone to uncover the real email addresses behind Apple’s randomly generated aliases.
Hide My Email generates random email addresses that forward to your real inbox, letting you sign up for apps semi-anonymously.
Murphy identified and flagged the vulnerability in June 2025. In March 2026, Apple said it had fixed the issue. However, Murphy says that in later tests with volunteers, he could still “crack” every alias in his sample and recover the real email addresses underneath.
Given that the flaw has existed for more than a year, it could already have affected many iPhone, iPad, and Mac users who regularly use Hide My Email. The good news is that this bug doesn’t allow attackers to access Apple accounts. Still, it’s problematic that it doesn’t do what its name suggests, making it easier to spam or phish someone once their real email is exposed.
At the end of May, Apple told Murphy that the issue remained under investigation and that a fix was expected to arrive “in the coming weeks.” Since then, spokespeople for the brand have not responded to Murphy’s communications or issued a public advisory.
For now, people who use Hide My Email should assume their randomly generated email address might not fully protect their real address until Apple ships a clear fix with proper documentation.