An oversight in the accounts used to test Microsoft’s payment systems allowed an engineer to steal over $10 million worth of Xbox gift cards for two years.
To ensure your payment systems work, some Microsoft employees “fake” purchases in their stores. Volodymyr Kvashuk, who joined the company in 2017, discovered that there was a flaw in the accounts used to test purchases.
These dummy accounts are marked as such by the system and do not ship physical products to your home if you make a purchase. However, Kvashuk found that only If you purchased an Xbox Gift Card, you received a fully valid 25-digit code.
Kvashuk could have warned his bosses, but He chose another more profitable option for him.
At first, Kvashuk managed to get some gift cards, but when he saw that he had the opportunity to earn large sums of money, he started using fake profiles of his colleagues to hide his tracks and automated the process with a computer program.
After purchasing these codes, Kvashuk targeted cryptocurrency markets like Paxful to find potential sellers. He would wholesale them at a discount and buyers would continue to sell them to people who wanted to use the codes.
Kvashuk’s salary at Microsoft was not small, but it was not enough to explain the many luxurious houses he bought or the yacht he boasted.
Microsoft eventually discovered Kvashuk’s cases after noting a sharp increase in gift card transactions, and federal agents detained him at his home. At trial, Kvashuk tried to argue that the mass robbery was simply an experiment.
It didn’t work. Kvashuk was sentenced to 9 years in prison, will likely be deported to his home country of Ukraine, and will have to return 8.3 million dollars.