Microsoft Security Specialist Steals $10 Million In Xbox Gift Cards

An employee trusted with finding bugs instead exploited one to make millions.

You Are Reading :Microsoft Security Specialist Steals $10 Million In Xbox Gift Cards

As reported by Bloomberg, Microsoft employee Volodymyr Kvashuk stole over $10 million worth of Xbox gift cards while he was working as an engineer responsible for testing the company’s e-commerce infrastructure. He exploited a bug in Microsoft’s test store that caused real gift card codes to be sent to him without having to pay a penny.

Microsoft had a testing system that would allow employees to make pretend purchases using fake credit cards. The system knew not to deliver any physical items, but a bug in the software meant it did send out digital content without real money needing to be used. Kvashuk noticed the bug, but instead of reporting it, he used it to generate millions of dollars worth of gift card codes that he could then sell on at a discount online.

Kvashuk is described as “cocky” by people interviewed in Bloomberg’s report. He hacked into his teammates’ accounts so as to avoid suspicion himself, and wrote a program that could automatically steal gift card codes while he was working or enjoying his spoils. One of the passwords was ‘VerySecret1, and another was ‘$tore123’. Considering these passwords belong to accounts used by Microsoft security specialists, they aren’t very secure.

Kvashuk was selling his stolen gift card codes on Paxful.com, a site that acts as a marketplace for people wanting to trade gift cards for cryptocurrency. Kvashuk’s buyers ranged from high school students trying to get a bargain, to potential criminal organisations – one buyer by the name of Makoo told Kvashuk that they needed to “contact the boss”.

Kvashuk first noticed the bug sometime in 2017 and Microsoft was on his tail by February 2018. Microsoft’s Fraud Investigation Strike Team, or FIST for short, noticed a large spike in gift card usage. It turns out, Kvashuk was selling so many codes that he was personally responsible for fluctuations in the market value of second-hand gift card codes.

Kvashuk was fired in June 2018, and on July 16, 2019, federal agents raided his $1.675 million lakefront house, bought with money he made from his scheme. He was taken to trial for money laundering, identity theft, and wire and mail fraud. He was found guilty on all counts, and in November 2020 he was sentenced to nine years in prison. Kvashuk says he, “got carried away by his chance to become an instant millionaire.”

Link Source : https://www.thegamer.com/microsoft-stolen-gift-cards/