Security Incident — 3 April 2026

On Friday 3rd April, an unauthorised third party gained access to our web server and used this to access the connection between our website and our email platform, and sent 3 fraudulent emails to our mailing list. A 4th was blocked before it could be sent.

We believe the attacker(s) likely had access to subscriber information on our mailing list — your email address, first name (if you provided one), and subscription preferences (eg: productivity, creator stuff, business topics). We have no evidence that any financial information was accessed. We don’t store payment data on our servers — that’s all held securely by Stripe, not by us.

If you had a registered account on aliabdaal.com (a website login, not the newsletter — you may have created one if you’ve ever purchased anything from us), your name, email address, and encrypted password were also accessed. We’ve already force-reset all passwords. The passwords were encrypted and not in plain text, but if you’ve used the same password and email combination elsewhere, please update those passwords as a precaution.

We removed the attacker’s access and all malicious code from our server, revoked and regenerated all API credentials and security keys, forced password resets for all website accounts, and disconnected and re-secured our email platform integration. We’ve reported the incident to the UK Information Commissioner’s Office (ICO), completed a full security audit, and begun migrating to a completely new hosting environment where we’re rebuilding from scratch.

If you received or continue to receive any emails from us mentioning a cryptocurrency airdrop, token claim, or asking you to connect a wallet — please don’t click any links in it. Delete it. If you did interact with any links or connect a cryptocurrency wallet, please check your wallet for unauthorised transactions immediately.

Please be wary of any follow-up emails referencing this incident that ask you to click links or provide information. We’ll never ask for passwords or financial details by email, and we’ll never promote a cryptocurrency offer.

If you have any questions or concerns, please reach out to [email protected].

I take the security of your data seriously, and I’m sorry this happened. We’re doing everything we can to make sure it doesn’t happen again.

Ali