A vulnerability could connect real email addresses to anonymous addresses.
Hide my email may not keep your personal information completely private. This feature is an option that iCloud+ subscribers can use to create an anonymous email address rather than using their own contact information. It is used as a workaround to avoid spam and data trackers, or simply to protect personal information from possible future data breaches. However, according to a report from 404 MediaThere is a vulnerability in this feature that allows hackers to connect users’ real email contacts to those created by Apple.
We’ve reached out to Apple for comment and will update this article if we receive a response.
The issue was discovered by the EasyOptOuts team, and according to CEO Tyler Murphy, the group contacted Apple about the issue and how to reproduce it a year ago. He had a conversation with the company via email and Apple reportedly responded several times that it was investigating the issue or that a solution was in the works or had been deployed. However, Murphy and 404 Journalist Joseph Cox was able to exploit the vulnerability for this article. The exact details of the exploit have not been disclosed due to the potential risk to Apple users.
“We don’t know why the issue hasn’t been fixed, but we don’t feel comfortable waiting any longer. Hide My Email users deserve to know that it is possible for attackers to discover their hidden email addresses,” Murphy said. 404. He added: “We don’t know the full extent of the problem, but in our limited testing with volunteers, 100% of Hide My Email addresses were exploitable. »
