Update on the nostr:nprofile1qytzqamnwvaz7tmjv4kxz7fwv3sk6atn9e5k7tcpr3mhxue69uhkummnw3ez6vfwde3x7tnpdenkzmnf9e3k7tcqypr90hlgjed73xq2jvrjhna4ukdx2yjyqmdslqvjzhh83wj8jd9numxx6g9 attack:

⚠️ IT’S WORSE THAN I THOUGHT! ⚠️

What I believe is happening is someone is using the public Lightning addresses from Nostr profiles to doxx everyone’s registered email address on Alby.

By simply entering a valid Alby address, the login page LEAKS the corresponding email address.

This means that the purpose of the attack is not so much to breach your Alby account, it’s to collect emails of Alby users for future phishing attacks.