Major Apple Bug Appears to Disclose All Real Emails for 'Hide My Email' Users
A vulnerability in Apple's privacy-focused iCloud Plus feature allows attackers to discover users' real email addresses.
- A bug in Apple's Hide My Email feature for iCloud+ exposes users' real email addresses in message headers when they reply to forwarded emails.
- The vulnerability was disclosed by CNET on March 26, 2025, based on findings from an unnamed security researcher; Apple has not yet commented on a fix.
- Hide My Email generates random addresses that forward to a user's real iCloud account, designed to prevent companies from tracking the user's actual email.