🚨🚨🚨 alby hub users are getting password reset emails. be careful out there.
Login to reply
Replies (37)
Can confirm. Just got one. 🫡
is it legitimate? want to forward me the headers?
+ one
I didn't get one, don't use Alby hub but have an account
i don't use a hosted alby hub, but i do use a self hosted alby hub for connecting via NWC to various nostr apps. i also shut this service down about 15 minutes ago because we don't know what's going on and im not taking any chances right now.
I haven’t got an email
You probably won’t see anything useful in the headers. It’s an auto-generated email from Alby’s email service Postmark.
cool. do you use hosted alby hub?
then it's not a phishing email then?
I didn’t request it but the sender is no-reply@getalby.com — is that what you mean by headers?
Spoke too soon, just got it.
sender addresses don't mean much because they can be faked. don't worry about it.
:)
No
It’s giving phishing even though the email is legit. I’m not going to click the link to find out. 😆
It seems like someone is just spamming the email reset form on their website. I don’t see what the point of that is.
The links in the email go directly to their website, not to a phishing page.
With what email db ?
They don’t need the database, they can figure out any email address just by entering a public Alby Lightning address.
Fuck.
Use email aliases people.
View quoted note →
I get emails all the time. I haven't even looked at them until today.🤷
And they can crawl Nostr, the best Lightning address database.
Good warning. I just got one, ironically after messing with some settings today.
"Yo, for real? 🤔 How does Nostr stack up against the other Lightning address databases? #Curious"
Confirmed.
same here - is there an offical statement from Alby somewhere?
+1
confirmed and elegantly ignored
Got one of these as well, watch out!
View quoted note →
Confirmed. This happened I’m not even subscribed anymore.
1. Yikes!
2. Hey Alby, have you heard of this thing called Nostr?: No passwords
Same with me . I don’t see any reason to be worried about . What you worried about ?
How’s you guys doing during the black out yesterday … survived ?
Check their nostr - it's posted
According to Alby the attacker was taking lightning addresses and requesting password resets. This basically dox profiles giving out the email. So the email from Alvby is legitimate. But the attacker now has email addresses associated with Alvby accounts associated with lightning addresses. Public posted to people's nostr accounts etc. More than likely recommended to reset your email, since you probably should have been using an alias if you weren't. They said that Alby Hub and every other service is unaffected and there are no further security issues...
The new way to spam on the future of the internet is not getting email addresses. It's getting lightning addresses 🤣. I gladly let attackers have it. Hopefully they send funds.🙏
Found it - thx!
I got one
Just ignore it?