Apple’s Hide My Email is leaking real addresses
A vulnerability in Apple’s iCloud+ privacy feature allows attackers to link anonymous email aliases back to a user’s actual email address. Researchers at EasyOptOuts first reported the flaw to Apple in June 2025, but the issue remains unpatched after more than a year.
Tests confirmed that 100% of tested aliases were exploitable. Because the bug is still active, technical details remain undisclosed to protect users.
