Never share nsecs or any keys. No-one ever must ask you for that. Keys are always just local (in the Alby Extension, Alby Hub) (and keep a backup of it) Nothing is affected here. Attackers could request password reset emails (which can be ignored) and if a lightning address was used to request the reset the email was exposed. Those potentially have been gathered from nostr before.