404 Media: “…Hide My Email is part of Apple’s paid iCloud+ product. It lets users generate an anonymous email address which they can then use to sign up to services or email people with instead of their personal email. These email addresses are often two random words and a number ending in the @icloud.com domain. This can be useful for all sorts of reasons: to reduce spam; to create an account you may not want linked to your personal address and identity; and to not have your personal information held by a site that may later suffer a data breach. I personally have generated more than 400 email addresses with Hide My Email, for example. To test the issue I generated a new Hide My Email address and provided it to Murphy. Around five minutes later, he replied with my real email address linked to my Apple account which was supposed to be hidden. “We don’t know the full scope of the issue, but in our limited tests with volunteers, 100% of Hide My Email addresses were exploitable,” Murphy said…”