Apple's 'Hide My Email' feature is exposing real email addresses
What's the story
Apple's "Hide My Email" feature, designed to protect user privacy by providing disposable email addresses for online anonymity, has been flagged with a major security flaw, which may expose users' real email addresses. The vulnerability was discovered by Tyler Murphy, co-founder of EasyOptOuts and a researcher in the field. He had reportedly informed Apple about this issue over a year ago, but it remains unresolved to date.
Bug confirmation
Tests show 100% of addresses were exploitable
Murphy's research confirms that the vulnerability in Apple's "Hide My Email" feature can be exploited. He said, "We don't know the full scope of the issue, but in our limited tests with volunteers, 100% of Hide My Email addresses were exploitable." However, he hasn't disclosed details about this vulnerability publicly to prevent potential exploitation by others.
Risk alert
Relying on 'Hide My Email' for safety may be risky
Murphy has warned that publicly accessible people-search sites can easily link an email address to other personal details. This means that those relying on "Hide My Email" for safety could be at risk. He said, "Publicly accessible people-search sites make it easy to link an email address to other personal details, so people relying on Hide My Email for safety may be at risk."
Past issues
Apple has faced issues with privacy tools before
Apple has faced issues with its privacy tools in the past. In 2022, the company was sued after it was found that iPhone apps continued to send analytics data to Apple even when the iPhone Analytics privacy setting was enabled. Similarly, in 2023, researchers discovered another one of Apple's privacy features was exposing users' real MAC addresses instead of anonymizing them as intended.