A California Apple user has filed a proposed class action accusing the company of misleading customers about Hide My Email’s privacy protections. Here are the details.
Apple sued over alleged Hide My Email flaw
A few days ago, 404 Media reported that Apple had been aware for more than a year of an alleged flaw that could expose the real email addresses behind Hide My Email aliases.
Apple’s Hide My Email feature lets users create unique, randomly generated email addresses that forward messages to their personal inbox, allowing them to sign up for apps, websites, and newsletters without sharing their real address.
It is available for free through Sign in with Apple, while a broader version included with iCloud+ plans starting at $0.99 per month lets users create aliases for websites, newsletters, and other services.
According to 404 Media, a security researcher alerted Apple in June 2025 to a flaw that could reveal the real email addresses behind Hide My Email aliases.
Apple acknowledged the report about a month later but allegedly left the issue unresolved. In March 2026, the company said it had addressed the flaw, but the researcher found that the vulnerability remained exploitable.
From 404 Media:
At the end of May, Apple said it was planning to address the issue in a future security update “expected in the coming weeks.” Murphy then contacted 404 Media on Monday and provided details of the issue and his statement saying, “We don’t know why it hasn’t been fixed, but we don’t feel comfortable waiting any longer.”
Back to the lawsuit (via MacRumors), the plaintiff, Anthony Alvarez, says:
... continue reading