Particle.news

Apple Faces Proposed Class Action Over Reported Hide My Email Flaw

The suit demands damages plus court-ordered fixes after researchers said relay aliases can be linked to users’ real email addresses.

Overview

  • A proposed nationwide class action was filed July 15 in the U.S. District Court for the Northern District of California claiming Apple misled customers about Hide My Email’s privacy.
  • Hide My Email creates unique relay addresses that forward messages to a user’s real inbox, and researchers say a flaw can connect those relay aliases back to the underlying real addresses.
  • Security researcher Tyler Murphy reported the issue to Apple in June 2025 and independent reporting by 404 Media verified the linking risk while withholding exploit details to avoid misuse.
  • Apple told the researcher in March 2026 that a system change had addressed the problem and later said a security update is planned, but no public patch has been released and there are no known real-world attacks.
  • The complaint seeks damages and an order requiring Apple to fix Hide My Email or clearly disclose its limits, and it would cover iCloud+ subscribers and users of Sign in with Apple if a class is certified.