Apple Sued Over Alleged Hide My Email Flaw That Could Expose Real Email Addresses

Apple is facing a proposed class action lawsuit in the United States over its Hide My Email feature after claims that a long-reported security flaw could reveal users’ real email addresses. The lawsuit alleges Apple continued promoting the privacy feature despite knowing about the issue for more than a year.

Hide My Email 2

The case follows recent reporting that a security researcher disclosed the vulnerability to Apple in June 2025. Although the flaw has not been publicly disclosed in full and there are no known reports of it being exploited in real-world attacks, the lawsuit argues that Apple misled customers by advertising stronger privacy protections than the feature allegedly provided.

Hide My Email allows users to create randomly generated email addresses that forward messages to their personal inbox without revealing their actual email address. The feature is built into Sign in with Apple and is also available to iCloud+ subscribers, who can generate aliases for websites, newsletters, and online services.

According to security researcher Tyler Murphy, the reported vulnerability could allow someone to determine the real email address behind one of these private relay addresses. The technical details have not been made public to reduce the risk of the flaw being abused before Apple releases a fix.

Apple Hide My Email lawsuit

The proposed class action was filed in the U.S. District Court for the Northern District of California by California resident Anthony Alvarez. The complaint alleges Apple violated California consumer protection laws, engaged in false advertising, breached warranties, and unjustly profited by continuing to market Hide My Email as a privacy feature while allegedly knowing about the unresolved vulnerability.

The lawsuit seeks financial damages for affected customers, class action certification, and a court order requiring Apple to either fix the reported vulnerability or clearly disclose the feature’s limitations. It proposes four separate classes covering Apple customers and iCloud+ subscribers across the United States, including California-specific subclasses.

The lawsuit builds on earlier reporting that Murphy first disclosed the vulnerability to Apple in June 2025. Apple reportedly acknowledged the report about a month later and later indicated in March 2026 that the issue had been addressed. However, Murphy said additional testing showed the vulnerability remained. Apple subsequently told the researcher that a permanent fix was planned for a future security update, but the company has not announced when that update will be released.

No Confirmed Exploitation Reported

An important detail is that neither the lawsuit nor the original security research identifies any confirmed cases where attackers actually exploited the reported flaw. The plaintiff does not allege that his personal email address was exposed or misused. Instead, the complaint argues that customers paid for privacy protections that allegedly did not work as advertised.

That distinction could become significant as the case moves forward, since the lawsuit is based on claims that customers overpaid for Apple devices or iCloud+ subscriptions because of the company’s privacy marketing rather than on evidence of identity theft, spam, or other direct harm.

Apple has not publicly commented on the lawsuit. Because the case was filed as a proposed class action, it must first receive court approval before it can proceed on behalf of other Apple customers. The court will also determine whether the plaintiff’s claims have sufficient legal merit to move forward.

About the Author

Asma Hussain is an editor at iThinkDifferent, where she covers Apple news, streaming services, mobile gaming, and app reviews, with a particular focus on social media and consumer tech. She writes hands-on guides and app coverage drawn from day-to-day use across iPhone, iPad, and Mac. Outside of writing, she's interested in digital illustration, internet culture, and the small design decisions that shape how people use technology.

Leave a comment