A privacy flaw in Apple’s Hide My Email feature means that your real email address can be discovered. A security researcher said that tests found 100% of generated addresses allowed an attacker to reveal the real email associated with the Apple account.

Tyler Murphy said that he discovered and reported the issue to Apple more than a year ago, but it still hasn’t been fixed, and he has now made the decision to go public …

404 Media said it has verified the issue.

“Apple Hide My Email is leaking email addresses that are supposed to be hidden. We reported the issue and replication instructions to Apple over a year ago. We don’t know why it hasn’t been fixed, but we don’t feel comfortable waiting any longer. Hide My Email users deserve to know that it may be possible for attackers to discover their hidden email addresses,” Tyler Murphy, the co-founder of EasyOptOuts, which discovered and reported the issue to Apple, told 404 Media.

404 Media is not revealing the exact details of the vulnerability because it can still be exploited as of Monday, when 404 Media verified the issue with one of our own hidden email addresses.

Murphy said that he reported the issue to Apple in June of last year, and the company told him it was looking into it. Apple said it had been fixed in March of this year, but Murphy found that wasn’t the case. He again contacted Apple, with the company saying that it would appreciate him not revealing the existence of the flaw until it had been resolved.

Apple then said it planned to address the issue in June, but since it still hasn’t been fixed, Murphy said that he doesn’t feel comfortable waiting any longer to reveal the existence of the problem. He hasn’t shared any details of the bug or how it can be exploited.

Apple recently announced that it would in future be using a new domainprivate.icloud.com,  for Hide My Email addresses. Some users were unhappy that companies would be able to block this domain in order to limit the use of the privacy feature.

Image: 9to5Mac/Apple/James Lee

FTC: We use income earning auto affiliate links. More.