f in x
Apple Hide My Email Security Flaw Exposes Users' Real Email Addresses for Over a Year
> cd .. / HUB_EDITORIALE
News

Apple Hide My Email Security Flaw Exposes Users' Real Email Addresses for Over a Year

[2026-07-04] Author: Ing. Pietro Maiorana
Zenithby Meteora Web The operating system for your business. Social, clients, bookings and invoices in one platform. Gyms, barbers, professionals. Discover Zenith Free demo · no card

A vulnerability in Apple's Hide My Email service has allowed the real email addresses of users to be uncovered for over a year, despite the promise of anonymity. Security researcher Tyler Murphy, who discovered the issue in June 2025, demonstrated that 100% of the generated @icloud.com addresses could be traced back to the original email. The flaw, still unpatched, raises serious questions about the reliability of Apple's privacy features.

How Hide My Email works and why the flaw is critical

Introduced in 2021, Hide My Email creates unique random email addresses for online services, shielding the user's real address. Incoming messages are forwarded to the user's primary inbox. However, Murphy's vulnerability allows anyone to link a temporary address to the real one, defeating the purpose. Reported to Apple in summer 2025, the issue remains open as of July 2026, even though Apple claimed it was resolved in March 2026.

Sponsored Protocol

Other privacy breaches: Scattered Spider and WhatsApp usernames

This week, the US Department of Justice announced the extradition of Peter Stokes, a 19-year-old suspected member of the Scattered Spider hacking group. Stokes is charged with hacking a luxury jewelry retailer and demanding an $8 million cryptocurrency ransom. Meanwhile, India has asked WhatsApp to pause its username rollout, citing fraud and cybercrime risks, and also sent letters to Signal and Telegram.

Sponsored Protocol

Automatic license plate reader errors lead to wrongful stops

An investigation by the Institute for Justice found at least 24 misidentification cases over the past eight years involving ALPR cameras. Errors include reading 'O' as '0' and failing to remove plates from wanted lists, resulting in armed stops and detentions. These incidents add to growing concerns about AI-powered camera accuracy.

Source: https://www.wired.com/story/security-roundup-apples-hide-my-email-service-fails-to-hide-your-email

Ing. Pietro Maiorana

> AUTHOR_EXTRACTED

Ing. Pietro Maiorana

Ingegnere informatico e co-fondatore di Meteora Web, CMO dell'agenzia. Esperto di marketing digitale, social media, advertising, copywriting e SEO.
[ Read Full Dossier ]

> METEORA_WEB // DIGITAL AGENCY

We build the digital presence your business deserves.

Websites, social media, online advertising, e-commerce and high-performance hosting, engineered with method by computer engineers in Sciacca, for all of Italy.

> MW_JOURNAL

> READ_ALL()