Update on the nostr:npub1getal6ykt05fsz5nqu4uld09nfj3y3qxmv8crys4aeut53unfvlqr80nfm attack:

⚠️ IT’S WORSE THAN I THOUGHT! ⚠️

What I believe is happening is someone is using the public Lightning addresses from Nostr profiles to doxx everyone’s registered email address on Alby.

By simply entering a valid Alby address, the login page LEAKS the corresponding email address.

This means that the purpose of the attack is not so much to breach your Alby account, it’s to collect emails of Alby users for future phishing attacks.