A privacy tool that comes with Apple‘s paid iCloud service may not be as secure as users think. The feature, which lets people create fake email addresses to protect their real one, has a flaw that could expose their actual contact information.
The problem was found by a security team called EasyOptOuts. They told Apple about it more than a year ago. According to the team’s leader, Tyler Murphy, the company said it was working on a fix. At one point, Apple even said the issue had been solved. But that turned out not to be true.
A recent test by 404 Media proved the vulnerability is still active. The outlet created a fake email using Apple’s tool and shared it with Murphy. Within just a few minutes, he was able to trace it back to the real email address behind it.

The security team tested this with several volunteers. In every single case, they were able to find the person’s true email address. That means anyone using this feature for privacy might not be as hidden as they think.
People use these fake email addresses to avoid spam, stop companies from tracking them, and keep their information safe from hackers. If someone can connect the fake address to the real one, all that protection goes away. Bad actors could use this information to find a person’s name, location, and other personal details.
The team that found the flaw decided to speak up because Apple has not fixed it after more than a year. Murphy said they do not know why the company has not solved the problem, but they felt people should know about the risk.
