A Day of Unexpected Messages: My Experience with a Side Project and a Sudden Worry

On December 18, 2025, something happened that took me on an emotional journey – from excitement to worry and back to relief. For privacy and safety, I have changed the names of people and one company in this story. They are not the real names.

It started on a normal morning. I was having my tea and checking LinkedIn. Then, a message came in that made me feel hopeful.

The Good Start: A Job Offer from PayFast

The message was from Amit Rao, a recruiter at PayFast, a company known for online payments. “Sujal, we have a great role in our tech team – interesting work and good benefits,” it said. I felt a spark of excitement. PayFast is a solid place to work. But I was happy in my current job, so I replied politely. “Thank you, Amit. I’m set here, but I can suggest a friend who might fit well.” I connected them and felt good about helping out. It was a positive moment. Everything seemed fine.

The First Concern: A Message About My Website

A few hours later, another LinkedIn message arrived. This one was from Pranav Patel, who said he was a manager at a large consulting firm. It made me uneasy right away. “Hi Sujal, I work in technology security. I looked at your site, fs.sujal.xyz. You mention files delete after 24 hours, but I found they do not. Someone shared private documents from an Indian company using it. I have told the company, and they may take action.”

My mind went blank for a moment. fs.sujal.xyz is a basic file-sharing tool I made and put on GitHub. It’s open-source, with no accounts needed, and files are meant to disappear automatically. I built it for simple sharing, like with friends or colleagues. Now this? Pranav asked detailed questions: How do users delete files? Can old files still be reached? Are they truly removed everywhere? Who can see access details?

I felt anxious. What if this leads to trouble? I imagined complaints or worse. My heart beat faster as I replied: “It’s open-source, so anyone can check or change it. Users know the risks. Files are fully deleted after time. No user data is kept.” But deep down, I wondered if I had missed something in the code. The message came from a personal email, not the firm’s official one. That did not feel right for such a serious topic. I started to doubt if it was genuine. The worry grew heavy.

The Bigger Shock: Calls from the Police

The next day, my phone rang from unknown numbers. I answered, and two men introduced themselves: “This is Inspector Uday Singh from Cyber Crime Police. Inspector Ramit Singh is with me.” Apps like Truecaller showed police photos for the numbers. My stomach dropped. “Your site is part of an FIR. Confidential files from a company were uploaded and not deleted. We need to know who accessed them and want you to take the site down.”

An FIR means a formal police case. Thoughts raced through my head – investigations, questions, maybe even visits from officers. They did not ask for money, which was a relief, but they pressed for logs and proof the site was safe. I explained: “It’s anonymous by design. No records of users. Files are removed completely.” Still, I felt scared. Was this real? Or someone trying to frighten me? I walked around my room, thinking about every part of the tool. Why had I not added clearer warnings? The fear was real – what if this affected my job or reputation? It was a low point.

Soon after, my browser started warning that the site was unsafe. No clear reason, just a notice. That added to the stress.

Searching for Answers: Was It Real or Not?

Over the next 12 days, until December 30, I spent time checking facts. I searched online, called official lines, and emailed the consulting firm. Amit from PayFast? His profile looked real, with recent job posts. The officers? Names like Uday and Ramit matched people in a cyber team, who handle cases like scams.

No public record of an FIR about my site showed up on police websites. Cyber cases often stay private at first. Pranav’s profile seemed correct for his role. But the personal email? The firm advises against it in their guidelines. No news stories about a leak through my tool. Social media was quiet too. In the end, I think it was probably a real issue – a mistake with files, leading to a quiet check. No demands for money made it feel honest. The email oddity still bothers me, though. Slowly, the tension eased. The site is still online after I appealed the warning. No further contact came.

What I Learned: Moving Forward

This experience went from hope to fear and then to calm reflection. It reminded me how quickly things can change. I updated my GitHub page with stronger notes about risks and better explanations of how files work. I even added an option for basic tracking if users want it.

The lesson? Sharing tools freely is rewarding, but clear warnings matter. And always verify messages, especially from personal emails.

If you have built something and faced surprises like this, share below. It helps to talk about it.

P.S. The site is still there. Please use it carefully.