Just in case you received the Alby password reset email and had no idea why 👇🏼
nostr:nevent1qqsvhyplfrul5zzgd5hp7my40h8julwfaazllsp2xefu9xn8avxs5acyatwxa
Update on the nostr:npub1getal6ykt05fsz5nqu4uld09nfj3y3qxmv8crys4aeut53unfvlqr80nfm attack:
⚠️ IT’S WORSE THAN I THOUGHT! ⚠️
What I believe is happening is someone is using the public Lightning addresses from Nostr profiles to doxx everyone’s registered email address on Alby.
By simply entering a valid Alby address, the login page LEAKS the corresponding email address.
This means that the purpose of the attack is not so much to breach your Alby account, it’s to collect emails of Alby users for future phishing attacks.
