A vulnerability reportedly could link real email addresses with unknown email addresses.
Hide My Email cannot keep your personal information completely private. This feature is an option iCloud+ customers can use to create an anonymous email address instead of using their own contact information. It is used as a solution to avoid spam and data trackers, or to keep personal information secure against potential future data breaches. However, according to a report 404 mediaThere is a vulnerability in this feature that allows hackers to connect users’ real email contacts with email contacts created by Apple.
We’ve contacted Apple for comment, and will update this article if we hear back.
The issue was uncovered by the team at EasyOptOuts, and according to CEO Tyler Murphy, the group contacted Apple a year ago about the issue and how to replicate it. He had a few conversations with the company via email and Apple reportedly responded at various points that it was looking into the issue and that a solution was either in the works or had been deployed. However, Murphy and 404 Reporter Joseph Cox was able to exploit the vulnerability in this article. The exact details of the exploit have not been disclosed due to the potential risk to Apple users.
Murphy explained, “We don’t know why this hasn’t been fixed, but we don’t feel comfortable waiting any longer. Hide My Email users should be aware that it may be possible for attackers to discover their hidden email address.” 404. He added, “We don’t know the full scope of the issue, but in our limited tests with volunteers, 100 percent of Hide My Email Addresses were exploitable.”
<a href