2 hours ago · Tech · hide · 0 comments

Tyler Murphy and Ben, co-founders of EasyOptOuts: We’ve discovered vulnerabilities in Hide My Email that allow attackers to discover the meant-to-be-hidden address behind a Hide My Email address. We reported the issue to Apple over a year ago, and as of June 30, 2026, it still hasn’t been fixed. About a month ago, we realized that the vulnerabilities’ severity and scope are greater than we initially thought. […] Apple replied — twice — that it had fixed these vulnerabilities, but Joseph Cox of 404 Media was able to reproduce the problem as recently as earlier this week. Very few details are available right now. I have seen speculation that the original email address is revealed when someone replies using their hidden email address, but the impression I get from Cox’s reporting is that no user interaction is necessary: To test the issue I generated a new Hide My Email address and provided it to Murphy. Around five minutes later, he replied with my real email address linked to my Apple…

No comments yet. Log in to reply on the Fediverse. Comments will appear here.