Damus
Open in Damus
The Daniel 🖖 profile picture
The Daniel 🖖
@daniel
Update on the @Alby attack:

⚠️ IT’S WORSE THAN I THOUGHT! ⚠️

What I believe is happening is someone is using the public Lightning addresses from Nostr profiles to doxx everyone’s registered email address on Alby.

By simply entering a valid Alby address, the login page LEAKS the corresponding email address.

This means that the purpose of the attack is not so much to breach your Alby account, it’s to collect emails of Alby users for future phishing attacks.
8147❤️58👀13👍4🤙3❤️1👁1
il_lost_ · 20w
I wonder if the emails they send will end up in the phishing folder.
bitcoin_rene · 20w
Shit.. I received the password reset mail too
LEON · 20w
Does anyone really sign up using a real (daily use / KYCed) email address?? Just asking for some friends.
PriorBall · 20w
Exactly ! Got a password change request but changed my LN provider a while ago. So old infos are going round …..
nostrich · 20w
If they ask for an email they ask for a unique identifier, when they don't need one. Don't support data hoarders my friends. Support those underground projects that give you access to everything over onion or i2p.
Geektoshi · 20w
this is why i never used my actual email address and use aliases for everything. email gets put on some list? cool, delete the alias and move on.
Martien · 20w
My LN address and Alby email are not the same and still got a password reset request
S!ayer · 20w
Bitcoin fixes this
Alby · 20w
https://njump.me/nevent1qvzqqqqqqypzq3jhml5fvklgnq9fxpete767txn9zfzqdkc0sxfptmnchfrexje7qythwumn8ghj7un9d3shjtnswf5k6ctv9ehx2ap0qyfhwumn8ghj7ur4wfcxcetsv9njuetn9uqzp67ns80n047uu43kwlcxwmt5828ceplddd7692am5cvmv5an33gls2vw6v
coolvideos · 20w
I will never use a service that offers to use Google to log in.
Susana Chicoria · 20w
Yup. That happened to me, I lost access to one of my accounts. I unsubscribed Alby and I just had this email from Alby today….. https://blossom.primal.net/a5efbd9d6189b7a9f154f74204c338585ae50ccf556a9e03e0d0cc048fafac06.jpg
@IsabelSydow Queen of Shrimps (but u can call me Dan.) · 20w
Holy forking shirt!!!! Recommendations?
Logen · 20w
This is why I run my own node hardware 🥲
Detective Deft Defector · 20w
If a wallet asks for any information, it's an absolute no for me, dawg.
Wondrej · 20w
It was scary morning tho 🥹🥹 I started panicking a bit. I guess it's time for email aliases clean up xd
The Daniel 🖖 · 20w
Update: nostr:note16nu3n3asyqgl2mdplywmcqjfvw3akcyq99z4vrfv2px6rsjmt47s5fkv74
Nichro · 20w
Received a bunch of these emails to reset alby recently, including for old abandoned/test accounts. I was getting suspicious.
Rico · 20w
Thank you! I removed my alby address from my Nostr profile for now
JoeBoonie · 20w
FWIW - email from Alby Support: Overnight we have received notices of some unusual requests to our infrastructure. Over a short period of time many password reset emails had been requested from various residential proxies around the world. Our rate limiting protects against spamming attacks but req...
mar · 20w
my email has been leaked many times. You can search your email in have I been pawned website and it shows you all the leaks. I'm not worried, I get phishing emails all the time. They go straight to my spam folder
⚡Lightning Goats⚡ · 20w
Thank squid for per account email aliases. Compartmentalization is a big part of security.
CitizenPleb · 20w
Requiring an email address is what has always kept me away. And no, not going to just spin up a burner email, just not gonna do it. Stop asking for emails and stop providing them.
NoStrFromObject · 20w
dont you like data hoarding and accountitis? leak away. the more the merrier. fuck accounts. and credentials #NDN
Boadee · 20w
nostr:npub1w4rz7n0vunaau499xh86p84s6v5mmgys48p0nmttt7w36takc9dsf4382j
npub · 10w
today (29.12.25) i received an email from crypto.com – a service i never registered for. i‘m an alby user. i suspect this leak to be the culprit.