Apple Sat On 'Hide My Email' Flaw Leaking Real iCloud Addresses For Over A Year
To make matters worse, per statements made to 404 Media by co-founder of EasyOptOuts and exploit finder Tyler Murphy, Apple still has yet to fix the issue. Last Murphy heard, it was meant to be fixed within "the coming weeks" at the end of May, but here in July the fix has yet to arrive. That means for a solid year, Apple has been aware of the issue but still has not fixed it.

Per the 404 Media coverage and Murphy himself, it's not that Apple has been ignoring the problem entirely. Apple even claimed to have fixed the issue in March, and implored Murphy not to disclose it to "avoid placing our customers at risk" once he discovered the exploit still existed. With this year's earlier iCloud data breach and plans to convert Hide My Email emails to an obvious "@private.icloud.com" domain though, it's a bad look for Apple.
Numerous security and stability issues have also cropped up with iCloud throughout the years, including the infamous "Zombie iPhone" bug and the unceremonious shuttering of My Photo Stream potentially deleting user photos. A problem as egregious as Hide My Email not hiding your email for the premium iCloud+ service is just another entry on the list.
Hopefully, Apple is listening to the criticism and will iron out the issue enabling attackers to find the original emails behind Hide My Email accounts soon. Perhaps then it may also reverse course on rebranding those accounts with such obvious "this is a burner" flags, but only time will tell. Apple had no response to 404 Media's requests for comment.