Thread

Good morning. ☀ Late last night I acted quickly to alert Nostr when I realized many of us were under a targeted attack. I have received some criticism for exposing the method that was used to reveal thousands of email addresses from Alby’s user database. I realize I could have handled it differently, but I did what I believed at the moment to be in the best interest of disclosure to help others. From what I could tell, the majority of damage had already been done. The email/password login feature has since been disabled, but anyone who already received an unexpected password reset should consider their email address doxxed. I do not believe there are any further risks. If you are using the browser extension, your nsec was not exposed by this, because that information never left your possession. This was simply a scrape of Nostr Lightning addresses used to exploit a vulnerability in a login function. There is a lot to be learned from this by everyone.

Replies (1)

retarded services with all those forced accounts. submitting passwords and email addresses. salt or not matters zero. welcome to the 90s. what do these services teach their users. submit even more personal data. more every time, with every incident. every leak. on top of that funny lawmakers come up with submitting more and kyc and digital ids instead of actual self sovereign self host local encrypt. well done. great job. fuck yeah. #NDN #NamedDataNetworking.