Skip to content
Tech News
← Back to articles

Apple's Hide My Email may not be hiding anything

read original more articles
Why This Matters

Apple's Hide My Email feature, designed to protect user privacy by creating anonymous email addresses, has a significant vulnerability that can potentially link these addresses back to users' real contacts. This flaw raises concerns about the effectiveness of privacy tools in the face of sophisticated attacks, highlighting the ongoing challenge for tech companies to ensure user data security. For consumers, it underscores the importance of staying informed about the limitations of privacy features and the need for continuous security improvements in digital privacy tools.

Key Takeaways

Hide My Email may not be keeping your personal information fully private. This feature is an option iCloud+ subscribers can use to create an anonymous email address rather than using their own contact info. It's used as a workaround to avoid spam and data trackers, or simply to keep personal information safe against potential future data breaches. However, according to a report by 404 Media, there is a vulnerability with this feature that allows hackers to connect users' real email contacts to the ones created by Apple.

We've reached out to Apple for comment, and will update this article if we hear back.

The issue was uncovered by the team at EasyOptOuts, and according to CEO Tyler Murphy, the group contacted Apple about the issue and how to replicate it a year ago. He had some conversation with the company via email and Apple reportedly responded at various points that it was looking into the problem or that a solution was either in the works or had been deployed. However, Murphy and 404 reporter Joseph Cox were able to exploit the vulnerability for this article. The exact details of the exploit have not been disclosed due to the potential risk to Apple users.

"We don't know why it hasn't been fixed, but we don't feel comfortable waiting any longer. Hide My Email users deserve to know that it may be possible for attackers to discover their hidden email addresses," Murphy told 404. He added, "We don't know the full scope of the issue, but in our limited tests with volunteers, 100 percent of Hide My Email addresses were exploitable."