Hey friends,

Hope your Easter’s been better than ours 😢

On Friday, we got hacked by (what we think are) Russian crypto scammers. They targeted our website (aliabdaal.com) and our email list, and exploited a vulnerability in a third-party plugin to send 3 emails to our email list promoting a scammy “crypto token drop”.

We realised what was happening within a few minutes, and locked down our email and website systems to prevent further damage. And we’ve spent the past few days working with our website and email service providers to figure out what happened and stop it from happening again.

In this email, I’ll talk you through the details of what we know, what we’ve done about it, and what it means for you.

What happened

On 3 April 2026, we discovered that an unauthorised third party gained access to the server hosting aliabdaal.com, by exploiting a vulnerability in a third-party plugin we were using. The attacker was able to access our website's backend systems, including the connection between our site and our email platform. They used this access to send 3 scam emails to our mailing list promoting a fake cryptocurrency "airdrop" - some of you may have gotten one of these emails, or they (hopefully) ended up in your spam folders.

What information was affected

Based on our investigation, we believe the attacker likely had access to subscriber information held on our mailing list. This includes your email address, and if you provided it, your first name. It may also include metadata such as when you subscribed and which topics you signed up for (eg: productivity, creator stuff, business topics).

We have no evidence that passwords, payment details, or any financial information were accessed - we don’t store this type of data on our mailing list. In fact, we don’t store payment information anywhere: that’s all held securely by Stripe with bank-grade security, rather than being on our own servers.

What we've done

As soon as we discovered the breach (within a few minutes of the first email being sent), we took the following steps:

• Took the website offline and removed the attacker's access and all malicious code from our server, including completely removing the integration with our email provider
• Revoked all API credentials and security keys
• Forced password resets for all website accounts
• Disconnected and re-secured our email platform integration
• Engaged with our email service provider to investigate the full extent of access to subscriber data

We’ve now reported the incident to the UK Information Commissioner's Office (ICO), completed a full security audit of our systems, and begun migrating to a new, hardened hosting environment.

What you should do

If you got a suspicious email from us on or around 3rd April - particularly one mentioning a cryptocurrency airdrop, token claim, or asking you to connect a wallet - please do not click any links in it. Delete it ideally. If you did interact with any links or connect a cryptocurrency wallet, please check your crypto wallet for unauthorised transactions immediately.

Beyond that, as a precaution, please be wary of any follow-up emails that reference this incident and ask you to click links or provide information - we’ll never ask for passwords or financial details by email, nor will we ever promote a cryptocurrency offer like this via email (or any other means).

–

You've been kind enough to let me send emails straight to your inbox, and I don't take that lightly. Having random (but annoyingly quite sophisticated) Russian hackers abuse that trust and use it to try to scam you is genuinely awful, and I'm sorry it happened. We caught it within minutes, we've done a full audit, and we're rebuilding our entire web infrastructure to make sure it can't happen again.

Thanks for your patience while we sort it. Hope the rest of your week involves zero Russian hackers 🙂

Ali xx

PS: If you have any questions or concerns, please feel free to reach out to [email protected] - we’ve set this email up specifically for questions about this.