Official Statement: Addressing Claims About KasyNoir

[JollyGood]

Even though your response was not directed at me, here is my analysis: I am absolutely baffled by the manner in which the Sirplay account has conducted itself. If an impersonator has requested/demanded 2400 BTC that does not legitimise an unprofessional and immature response from what is supposed to be a serious and professional business.

We consider this matter addressed. Further communication on this topic should be directed to our legal representatives.
We warm suggest to not got further in your "analysis" or we will consider legal action

Guess who is the scammer here?
https://drive.google.com/file/d/1bZLTdt9wK8OJoG1eh82LFklQLONOL5R_/view?usp=sharing

I doubt it is albon therefore who do you think it is?

[Vod]

You see it as a threat, I see it as protection to defend my brand from untrue accusations. This should make you realize that I am not a scam, since I am here defending months of work.

A threat would be having your lawyer post a cease and desist.  A threat is not saying you have one and then claiming that's proof you are serious.  

Next time listen to the community that knows more than you, and don't create an alt that posts exactly like you.  

Also SirPlay is non compliant to the badge they are showing on their website.

[albon]

A threat would be having your lawyer post a cease and desist.  A threat is not saying you have one and then claiming that's proof you are serious.  

Next time listen to the community that knows more than you, and don't create an alt that posts exactly like you.  

Also SirPlay is non compliant to the badge they are showing on their website.

Honestly, their actions and threats only prove that they are a fragile entity. I don't care about such legal threats as long as I haven't done anything  against the law. All I did was discover a vulnerability in their system and contacted them via email so they could fix it. Subsequently, they reached out to me on Telegram through their official sales account.



However, I strongly believe that the OP is also the one behind the Sirplay Telegram account and their account here on the forum.

The conversation clearly proves that @SirplaySales is acting as a direct agent for Kasynoir by specifically demanding me for an apology to him by name, which confirms the operational link between them.



Also, the S3 breach I discovered proved to me that they have hundreds of brands using their provider. PROOF: https://streamable.com/hv412q

For me, any platform using them is undoubtedly High Risk.

[Shishir99]

@Sirplay Instead of fabricating chat logs and twisting numbers (2400 BTC vs $2.4k), why don't you explain why your S3 bucket was exposed, leaking your official (info@) data and APK files?

This is pretty simple: they don't have a good security specialist on their team, and they didn't even know what had happened. They only realized those things once you reported them. So, you are asking this question to them for nothing. I am curious how secure the casinos are that use their services. What if that information from those casinos also leaks onto the internet? Who would take the blame? Sirplay? If they cannot have a secure website for themselves, how can they provide services to other companies?

Also, thanks for the clarification. I thought it was an imposter who sent them a message.

[Vod]

This is pretty simple: they don't have a good security specialist on their team, and they didn't even know what had happened.

AWS S3 buckets are insanely default private.  I'd say they don't have a specialist at all - you have to explicitly do steps to make them available to the public. 

[albon]

I am curious how secure the casinos are that use their services. What if that information from those casinos also leaks onto the internet? Who would take the blame? Sirplay? If they cannot have a secure website for themselves, how can they provide services to other companies?

Also, thanks for the clarification. I thought it was an imposter who sent them a message.

Hopefully they give a clear answer to the regulatory authorities handling this case.

I’ve already reported this issue to the official regulatory body, Coljuegos (case number 20260128692), and I sent them everything I found technically related to the data breach and infrastructure risks.



This will be my final update on this matter. I trust in the ability of the relevant authorities to do what’s needed to keep players’ and companies’ data safe.

AWS S3 buckets are insanely default private.  I'd say they don't have a specialist at all - you have to explicitly do steps to make them available to the public. 

LOL, as I told their bounty manager before: I wouldn't even trust them to run a lemonade stand, let alone a Bitcoin casino infrastructure.