
- Apple’s Hide My Email feature, which generates one-off email addresses to obscure users’ primary emails, has a significant security vulnerability.
- The vulnerability could allow bad actors to uncover users’ primary email addresses using generated Hide My Email addresses.
- Apple was first alerted to the vulnerability in June of 2025, but has not patched it.

Apple offers a handy feature called Hide My Email that generates one-off email addresses that redirect to your primary email, giving users a way to share contact information without divulging any personal or account info. That’s how it should work in theory, at least — but a vulnerability that can expose users’ primary email addresses has been discovered, and it doesn’t sound like Apple is in much of a hurry to fix it.

As reported by 404 Media’s Joseph Cox, the issue was first raised with Apple by personal data removal service EasyOptOuts more than a year ago. Apple has acknowledged the problem in communication with EasyOptOuts co-founder Tyler Murphy, but as of May, the company said it was still investigating. Murphy told 404 that “in our limited tests with volunteers, 100% of Hide My Email addresses were exploitable.”