Thank you for the transparency.
Just a note, my alby login email address has only ever been used wirh alby so it couldn't have come from another data leak.
Login to reply
Replies (11)
Same situation here
aren't this economic valid requests because they are technically possible and filters dont work?!ππ€π
Same
Same here
They said password requests were also made against lightning address which is public information.
That shouldnβt be possible going forward π
Yep - good to see it's fixed. Thanks nostr:nprofile1qqsyv47lazt9h6ycp2fsw270khje5egjgsrdkrupjg27u796g7f5k0spzamhxue69uhhyetvv9ujuurjd9kkzmpwdejhgtcpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhszymhwden5te0wp6hyurvv4cxzeewv4ej7hjm7rj for quick turnaround
I want to point out I saw this posted on NOSTR yesterday which was pretty instant and the fact a thread of people calling out to Alby for information worked so well... And alby gets back to us with nostr... Its just so great to see!
In this case are you guys going to change account email if your reset was triggered by lightning address?
I didn't have a public lightning address. My account email address was only known by Alby
Same here, I realized it was a data breach as the email address I used for Alby was made only for that.
Let's not jump to conclusions without an official statement.
The email address can leak via other channels as well from an Internet connected device...
That was a failure. Good that you already used a dedicated address.
Let us know if we can improve other things: https://feedback.getalby.com/-alby-accounts-request-a-feature-1