They don't break any server; by using your public Alby address in Nostr, they just requested a password reset. This is not a scam email, it's a real email from Alby. The hack consists of them being able to get your email from your Alby address, but to do so they have to trigger a password reset. Everything is pretty safe, don't worry. Just make sure to use strong passwords and keep in mind any incoming emails for the email address connected to your Alby account.
that's correct. and we're very sorry this happened. we couldn't filter all requests and reset emails have been requested.
that email can be ignored and for additional security we now also enforce login with a one-time token.
The transparency is a good start, but you haven't covered the case where a) a unique email address was used that only Alby had and b) wasn't used as a lightning address visible anywhere publicly.