nostr:npub1yx6pjypd4r7qh2gysjhvjd9l2km6hnm4amdnjyjw3467fy05rf0qfp7kza might be able to help with more technical details but I believe it was the Auth code/script/whatever that allows Alby to control other wallets that was accidentally exposed. It was published as the lnaddress or something like that. Seems there was no validation check on the client side.

It was originally believed that only the Zeus wallet was at risk but it was later found afyer the wallet was drained that the stacker.news account (and all other linked accounts) were apparently also at risk.