Damus
Open in Damus
The Daniel 🖖 profile picture
The Daniel 🖖
@daniel
Update on the @Alby attack:

⚠️ IT’S WORSE THAN I THOUGHT! ⚠️

What I believe is happening is someone is using the public Lightning addresses from Nostr profiles to doxx everyone’s registered email address on Alby.

By simply entering a valid Alby address, the login page LEAKS the corresponding email address.

This means that the purpose of the attack is not so much to breach your Alby account, it’s to collect emails of Alby users for future phishing attacks.
8147❤️58👀13👍4🤙3❤️1👁1
il_lost_ · 17w
I wonder if the emails they send will end up in the phishing folder.
bitcoin_rene · 17w
Shit.. I received the password reset mail too
LEON · 17w
Does anyone really sign up using a real (daily use / KYCed) email address?? Just asking for some friends.
PriorBall · 17w
Exactly ! Got a password change request but changed my LN provider a while ago. So old infos are going round …..
nostrich · 17w
If they ask for an email they ask for a unique identifier, when they don't need one. Don't support data hoarders my friends. Support those underground projects that give you access to everything over onion or i2p.
Geektoshi · 17w
this is why i never used my actual email address and use aliases for everything. email gets put on some list? cool, delete the alias and move on.
Martien · 17w
My LN address and Alby email are not the same and still got a password reset request
S!ayer · 17w
Bitcoin fixes this
Alby · 17w
https://njump.me/nevent1qvzqqqqqqypzq3jhml5fvklgnq9fxpete767txn9zfzqdkc0sxfptmnchfrexje7qythwumn8ghj7un9d3shjtnswf5k6ctv9ehx2ap0qyfhwumn8ghj7ur4wfcxcetsv9njuetn9uqzp67ns80n047uu43kwlcxwmt5828ceplddd7692am5cvmv5an33gls2vw6v
ImportantVideos · 17w
I will never use a service that offers to use Google to log in.
Susana Chicoria · 17w
Yup. That happened to me, I lost access to one of my accounts. I unsubscribed Alby and I just had this email from Alby today….. https://blossom.primal.net/a5efbd9d6189b7a9f154f74204c338585ae50ccf556a9e03e0d0cc048fafac06.jpg
@IsabelSydow Queen of Shrimps (but u can call me Dan.) · 17w
Holy forking shirt!!!! Recommendations?
Logen · 17w
This is why I run my own node hardware 🥲
Detective Deft Defector · 17w
If a wallet asks for any information, it's an absolute no for me, dawg.
Wondrej · 17w
It was scary morning tho 🥹🥹 I started panicking a bit. I guess it's time for email aliases clean up xd
The Daniel 🖖 · 17w
Update: nostr:note16nu3n3asyqgl2mdplywmcqjfvw3akcyq99z4vrfv2px6rsjmt47s5fkv74
Nichro · 17w
Received a bunch of these emails to reset alby recently, including for old abandoned/test accounts. I was getting suspicious.
Rico · 17w
Thank you! I removed my alby address from my Nostr profile for now
JoeBoonie · 17w
FWIW - email from Alby Support: Overnight we have received notices of some unusual requests to our infrastructure. Over a short period of time many password reset emails had been requested from various residential proxies around the world. Our rate limiting protects against spamming attacks but req...
mar · 17w
my email has been leaked many times. You can search your email in have I been pawned website and it shows you all the leaks. I'm not worried, I get phishing emails all the time. They go straight to my spam folder
⚡Lightning Goats⚡ · 17w
Thank squid for per account email aliases. Compartmentalization is a big part of security.
CitizenPleb · 17w
Requiring an email address is what has always kept me away. And no, not going to just spin up a burner email, just not gonna do it. Stop asking for emails and stop providing them.
NoStrFromObject · 17w
dont you like data hoarding and accountitis? leak away. the more the merrier. fuck accounts. and credentials #NDN
Boadee · 17w
nostr:npub1w4rz7n0vunaau499xh86p84s6v5mmgys48p0nmttt7w36takc9dsf4382j
npub · 7w
today (29.12.25) i received an email from crypto.com – a service i never registered for. i‘m an alby user. i suspect this leak to be the culprit.