Suspected Alby Hub Attack \ stacker news ~bitcoin

pull down to refresh

Suspected Alby Hub Attack

342 sats \ 10 comments \ @uno0 21 Oct bitcoin

Users on Nostr and reporting mass password reset emails, leading to suspicion about a potential hack.

Alby has not commented about the claims, and the reason remains unknown at this time.

view all related items

21 sats \ 6 replies \ @DarthCoin 22h

Guy first check the email header. Phishing means is faking the sender.

21 sats \ 5 replies \ @siggy47 16h

What's interesting is mine had a legitimate looking sender email.

136 sats \ 1 reply \ @DarthCoin 15h

Do not look at the sender email address. That is fake anyways and is how it tricks users. Look at the header of the email message. In the header you can see the real email server that sent that message and its IP and all other technical details.

Usually in any email client, open the message and in properties you can see all the header info.

And if you want to compare it with what is the real getalby.com sender check it here https://mxtoolbox.com/SuperTool.aspx?action=mx%3agetalby.com&run=toolpage#

Anyways strong DMARC, DKIM and SPF records must be implemented for any email domain you are running so most of email clients could reject phishing emails from the start.

20 sats \ 0 replies \ @kepford 12h

Great advice as usually @DarthCoin.

I find it very annoying how most email clients handle security/privacy. The amount of people that get scammed due to this has to be insanely high.

36 sats \ 2 replies \ @TNStacker 16h

Same

0 sats \ 1 reply \ @saunter 15h

Situation is explained here: https://primal.net/e/nevent1qqswh5upmuma0h89vdnh7pnk6ap637xg0mtt0k32hwaxrxm98vuv28c3euur7

Your passwords are safe but you may get phishing emails that look like coming from Alby in the future, so be careful

100 sats \ 0 replies \ @DarthCoin 13h

I was looking into getalby.com domain MX records using https://mxtoolbox.com (very good tool to configure properly your email server) and I found these rules used for anti-spam and anti-phishing rules:

DMARC actual

v=DMARC1; p=none; rua=mailto:b02f99b6d44a47f595397b4b8fc195fd@dmarc-reports.cloudflare.net

I would put a stronger DMARC with:

v=DMARC1;p=reject;sp=quarantine;pct=10;rua=mailto:b02f99b6d44a47f595397b4b8fc195fd@dmarc-reports.cloudflare.net;ri=86400;aspf=r;adkim=r;fo=1;

SPF v=spf1 include:zoho.eu include:spf.ourmailsender.com include:spf.mandrillapp.com ~all

I would change ~all into -all

In this way, in case of a phishing attack, the recipients email servers can reject more easily those phishing (fake) emails.

21 sats \ 0 replies \ @DarthCoin 20h

Alby reply nevent1qvzqqqqqqypzq3jhml5fvklgnq9fxpete767txn9zfzqdkc0sxfptmnchfrexje7qqswh5upmuma0h89vdnh7pnk6ap637xg0mtt0k32hwaxrxm98vuv28cxmpjjn

0 sats \ 0 replies \ @siggy47 16h

I got one.

0 sats \ 0 replies \ @OT 17h

I got this email a couple of times