There are so many accusations against so many trusted websites here almost daily, but there is a manner in which they must be handled. Check accusations against sportsbet.io for example, they answer with proofs while still keeping the user details confidential.
I will have a look to see how they do that and if there is any way I can do things better.
My point is that I did keep the user's details confidential. The thief here is the account that referred all those bots. If you look at what I published the first 300+ are not even email addresses. They are just random letters like someone punched the keyboard and added an email domain. Those accounts can only make a few rolls before they get blocked at the email verification stage but with hundreds of them significant referral income is stolen.
For the last 38 the thief came back 2 years later and got themself a bot capable of signing up the emails accounts.
The fingerprinting gives a probability in line with a Bitcoin collision that they are different people and the usage pattern is also impossible:
The fingerprint evidence itself is absolutely damning but there is so much more.
There is zero chance that on 2020-09-25 someone signed up to a referral link using a proxy server hosted by AWS and started making 24 free rolls every day. Then a few days later someone else came along and did exactly the same thing. That pattern then repeated every few days until the 38th and last one signed up on 2021-03-12. (there would have been many more if I hadn't banned him).
If it had been a more sophisticated bot that was capable of faking unique fingerprints it still would have been a 100% certainty to be a bot. That pattern of usage is not natural human behaviour.
The 2 accounts with another fingerprint 096aaa29ef6e2a25cd2f4ab4cf3ef793 in that 38 follow the same patterns using the same AWS proxies and are with absolute certainty the same bot. I guess he just logged in on another device like his mobile phone to check the balance or something.
This is one of the most obvious bots you will ever see. Nobody has 38 active referrals all rolling 24 times a day all from AWS. Making the schoolboy error with the fingerprints as well just makes it even easier to prove.
That is why I stopped discussing because after I understand your part, I agreed that you were not completely wrong. I guess everything is good now but the community just demands a little bit more privacy promise. Maybe you need to mention in terms and conditions, if it's legal, that abusing our services might lead to legal investigation.