Apple 'Hide My Email' vulnerability reveals people's real email addresses
- Privacy
- Security
- Apple
- Infrastructure
The linked post is a disclosure timeline for a bug in Apple’s Hide My Email, an iCloud+ feature that creates throwaway addresses which forward to your real inbox. According to the report, an attacker can turn one of those aliases back into the real email on the Apple ID, which is much worse than ordinary spam leakage because that address often anchors a person’s identity across Apple services and may include their real name. Apple had reportedly known for about a year without fixing it, and the exploit details were intentionally withheld because some people use the feature for personal safety.
Treat Hide My Email as a convenience alias, not a safety boundary, until Apple explains the failure mode and ships a fix. If your business or users depend on email aliasing for privacy or abuse prevention, review whether reply flows, forwarded headers, and provider-specific behavior can reveal the underlying address.
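One way to run the review suggested above on your own aliasing setup is to send a reply through the alias, capture the message as the external party receives it, and scan its headers and body for the underlying address. This is an added example, not code from the linked post; the addresses, domains, sample messages, and the function names `address_variants` and `find_leaks` are constructed for illustration, and it does not reproduce the withheld Apple issue.

```python
import email
from email import policy
from urllib.parse import quote

def address_variants(real_addr):
    """Forms in which an address commonly survives relaying (assumed list, extend as needed)."""
    addr = real_addr.strip().lower()
    local, _, domain = addr.partition("@")
    return {
        "plain": addr,
        "verp": f"{local}={domain}",                      # bounce+user=example.com@relay
        "percent-encoded": quote(addr, safe="").lower(),  # user%40example.com in URLs
    }

def find_leaks(raw_message, real_addr):
    """Return (location, variant) pairs where the real address appears in the message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    variants = address_variants(real_addr)
    def hits(where, text):
        text = text.lower()
        return [(where, kind) for kind, needle in variants.items() if needle in text]
    leaks = []
    for name, value in msg.items():       # policy.default unfolds and decodes header values
        leaks += hits(f"header:{name}", str(value))
    for part in msg.walk():               # text parts only; attachments are not inspected
        if part.get_content_maintype() == "text":
            leaks += hits(f"body:{part.get_content_type()}", part.get_content())
    return leaks

# Constructed sample: a reply sent via an alias, as seen by the recipient.
LEAKY = """\
Return-Path: <bounce+jane.doe=example.com@relay.example>
From: alias-7f3k@relay.example
Reply-To: Jane Doe <jane.doe@example.com>
To: support@shop.example
Subject: Re: Order question
Content-Type: text/plain; charset=utf-8

Thanks, that answers it.
> Manage preferences: https://shop.example/prefs?e=jane.doe%40example.com
"""

# Constructed sample: the same reply with every sender field rewritten to the alias.
CLEAN = """\
Return-Path: <bounce-7f3k@relay.example>
From: alias-7f3k@relay.example
To: support@shop.example
Subject: Re: Order question

Thanks, that answers it.
"""
```

An empty result only means none of the listed encodings were found; add any provider-specific header formats you observe to `address_variants`.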
- easyoptouts.com