A junior engineer assigned to test Microsoft's e-commerce platform for payment flaws began exploiting a bug he found

Jul 2, 2021 18:54 GMT  ·  By

Volodymyr Kvashuk, a Microsoft Junior Engineer, devised an inventive plan to generate illicit money by selling Xbox Gift Cards. He was convicted and sentenced to 9 years in prison, as Bloomberg reports. The course also demanded $8.3 million in restitution and will very certainly be deported to its native country, Ukraine. 

Soon after starting a full-time job at Microsoft, Kvashuk got fired. His team's main goal was to mimic Microsoft online purchases in order to uncover any payment problems. All these purchases had to be fake.

In a nutshell, these mimicked accounts are nearly always identified as such by the system, and if you attempt to purchase something from their website, such as a new gamepad, you will not receive anything. On the other hand, if you attempt to purchase Xbox Gift Cards, you will obtain a 25-digit code that is completely valid.

Even though he uncovered a flaw that was vital to his employer's operations, Kvashuk chose not to notify his superiors. When he checked gift card purchases, he discovered that Microsoft Stores always provided genuine 5x5 gift cards, that he later validated.

Kvashuk became greedy and started stealing more from Microsoft 

He arrived at the conclusion that he had an infinite number of codes at his disposal and that if he wanted to, he could manufacture nearly infinite codes for free and therefore exploit this golden circumstance.

At first, Kvashuk produced Xbox gift cards in small amounts, between $10 to $100. Soon after, he grew greedy and started stealing over 152,000 Xbox gift cards, worth $10.1 million. The FBI realized his activities after two years, while he had moved into an expensive lakeside property with intentions to purchase a yacht, seaplane, and ski chalet. The junior engineer also purchased other residences in Mercer Island and Maui, among other destinations.

After discovering a significant increase in gift card transactions, Microsoft found out about the illegal operation. Following this, the FBI conducted a raid on Kvashuk's residence in July 2019. At the hearing, Kvashuk attempted to defend himself by claiming that the stealing operation was really an experiment at work.