Update on the @Alby attack:
⚠️ IT’S WORSE THAN I THOUGHT! ⚠️
What I believe is happening is someone is using the public Lightning addresses from Nostr profiles to doxx everyone’s registered email address on Alby.
By simply entering a valid Alby address, the login page LEAKS the corresponding email address.
This means that the purpose of the attack is not so much to breach your Alby account, it’s to collect emails of Alby users for future phishing attacks.
⚠️ IT’S WORSE THAN I THOUGHT! ⚠️
What I believe is happening is someone is using the public Lightning addresses from Nostr profiles to doxx everyone’s registered email address on Alby.
By simply entering a valid Alby address, the login page LEAKS the corresponding email address.
This means that the purpose of the attack is not so much to breach your Alby account, it’s to collect emails of Alby users for future phishing attacks.
3
