
My Experience With PrivateAlps.net – Scammers

A Warning After Racist Insults and Unprofessional Behavior

I’ve worked with many bug-bounty programs, but nothing prepared me for the absolute disrespect I faced with PrivateAlps.net.

Domain: https://privatealps.net/

I’m writing this to share MY personal experience, exactly how things happened from my side, because no researcher should ever be treated like this.

What Happened

I reported real vulnerabilities. I put in the time, the effort, and the skill.


They paid me $210 for one of the reports — fine.


But when it came to the larger report, worth far more than $1,000 by standard industry value, everything went downhill.

And then comes the part that still disgusts me:

In my experience, their communication included racist insults.

According to what I personally received from them, I was told things along the lines of:

“Go f*** yourself, you Indian.”

This is not just unprofessional — it’s hateful, discriminatory, and completely unacceptable.

And right after that?

They blocked me on Telegram.

No explanation.
No discussion.
No closure.
Just insults and a block.

Why This Matters

This isn’t about a bug report anymore.

It’s about the basic level of human decency a company should have when interacting with researchers.

From MY experience:

  • Their communication was hostile.

  • Their behavior felt racist and abusive.

  • Their handling of the situation was cowardly and unprofessional.

  • Blocking someone after insulting them is the behavior of a team that cannot handle responsibility.

My Message to the Security Community

This is my story.
This is how I was treated.
I’m putting it out there because no researcher should be blindsided the way I was.

If professionalism, respect, and fair treatment matter to you, then be very cautious.

Final Words

After the way I was spoken to and the way I was dismissed, I will never trust them again.
No amount of payment justifies racist abuse or blocking someone instead of talking like adults.
