Damus
Open in Damus
The Daniel 🖖 profile picture
The Daniel 🖖
@daniel
Update on the @Alby attack:

⚠️ IT’S WORSE THAN I THOUGHT! ⚠️

What I believe is happening is someone is using the public Lightning addresses from Nostr profiles to doxx everyone’s registered email address on Alby.

By simply entering a valid Alby address, the login page LEAKS the corresponding email address.

This means that the purpose of the attack is not so much to breach your Alby account, it’s to collect emails of Alby users for future phishing attacks.
8147❤️58👀13👍4🤙3❤️1👁1
il_lost_ · 23w
I wonder if the emails they send will end up in the phishing folder.
bitcoin_rene · 23w
Shit.. I received the password reset mail too
LEON · 23w
Does anyone really sign up using a real (daily use / KYCed) email address?? Just asking for some friends.
PriorBall · 23w
Exactly ! Got a password change request but changed my LN provider a while ago. So old infos are going round …..
nostrich · 23w
If they ask for an email they ask for a unique identifier, when they don't need one. Don't support data hoarders my friends. Support those underground projects that give you access to everything over onion or i2p.
Geektoshi · 23w
this is why i never used my actual email address and use aliases for everything. email gets put on some list? cool, delete the alias and move on.
Martien · 23w
My LN address and Alby email are not the same and still got a password reset request
S!ayer · 23w
Bitcoin fixes this
Alby · 23w
https://njump.me/nevent1qvzqqqqqqypzq3jhml5fvklgnq9fxpete767txn9zfzqdkc0sxfptmnchfrexje7qythwumn8ghj7un9d3shjtnswf5k6ctv9ehx2ap0qyfhwumn8ghj7ur4wfcxcetsv9njuetn9uqzp67ns80n047uu43kwlcxwmt5828ceplddd7692am5cvmv5an33gls2vw6v
coolvideos · 23w
I will never use a service that offers to use Google to log in.
Susana Chicoria · 23w
Yup. That happened to me, I lost access to one of my accounts. I unsubscribed Alby and I just had this email from Alby today….. https://blossom.primal.net/a5efbd9d6189b7a9f154f74204c338585ae50ccf556a9e03e0d0cc048fafac06.jpg
@IsabelSydow Queen of Shrimps (but u can call me Dan.) · 23w
Holy forking shirt!!!! Recommendations?
Logen · 23w
This is why I run my own node hardware 🥲
Detective Deft Defector · 23w
If a wallet asks for any information, it's an absolute no for me, dawg.
Wondrej · 23w
It was scary morning tho 🥹🥹 I started panicking a bit. I guess it's time for email aliases clean up xd
The Daniel 🖖 · 23w
Update: nostr:note16nu3n3asyqgl2mdplywmcqjfvw3akcyq99z4vrfv2px6rsjmt47s5fkv74
Nichro · 23w
Received a bunch of these emails to reset alby recently, including for old abandoned/test accounts. I was getting suspicious.
Rico · 23w
Thank you! I removed my alby address from my Nostr profile for now
JoeBoonie · 23w
FWIW - email from Alby Support: Overnight we have received notices of some unusual requests to our infrastructure. Over a short period of time many password reset emails had been requested from various residential proxies around the world. Our rate limiting protects against spamming attacks but req...
mar · 23w
my email has been leaked many times. You can search your email in have I been pawned website and it shows you all the leaks. I'm not worried, I get phishing emails all the time. They go straight to my spam folder
⚡Lightning Goats⚡ · 23w
Thank squid for per account email aliases. Compartmentalization is a big part of security.
CitizenPleb · 23w
Requiring an email address is what has always kept me away. And no, not going to just spin up a burner email, just not gonna do it. Stop asking for emails and stop providing them.
NoStrFromObject · 23w
dont you like data hoarding and accountitis? leak away. the more the merrier. fuck accounts. and credentials #NDN
Boadee · 23w
nostr:npub1w4rz7n0vunaau499xh86p84s6v5mmgys48p0nmttt7w36takc9dsf4382j
npub · 14w
today (29.12.25) i received an email from crypto.com – a service i never registered for. i‘m an alby user. i suspect this leak to be the culprit.