Microsoft once had an employee who nearly got away with stealing over $10 million worth of Xbox gift cards.
According to a report by Bloomberg earlier today, Volodymyr Kvashuk was hired by Microsoft as a security engineer to work on its ecommerce infrastructure. Kvashuk however was quick to notice a bug in the system which he then started exploiting to send real codes for Xbox gift cards to him without having to pay.
Microsoft has a test store which allows employees to make fake digital purchases in order to assess backend changes. The bug in question made the same digital purchases but for the real store and without verifying a payment method.
Kvashuk was supposed to report the bug, but instead used it to generate working digital codes for Xbox gift cards which he was selling online at discounted prices.
Kvashuk reportedly became aware of the bug somewhere in 2017 and began exploiting it immediately. Microsoft realized something was going haywire when it noticed a sharp spike in the usage of Xbox gift cards, and instructed its Fraud Investigation Strike Team to look into the matter by early 2018.
Once the investigation was done, Microsoft fired Kvashuk in June 2018 and presented its finding for a legal pursuit. Kvashuk in the meanwhile was able to purchase his own lakefront house worth $1.675 million with the killing he made with his stolen Xbox gift cards.
In July 2019, federal agents raided the former Microsoft employee and put him up for trial. He was found guilty on counts of money laundering, mail fraud, and identity theft in November 2020 and sentenced to nine years in prison.
As for the said bug in the system, Microsoft has since then squashed it and has probably added new security measures to prevent another Kvashuk in the making.