Thanks to a Bloomberg report we learn that a former Microsoft employee, Volodymyr Kvashuk, stole Xbox Gift Cards for a total value of 10 million dollars while working for the Redmond company as an engineer responsible for testing and security of the ‘e-commerce infrastructure.
Microsoft has a testing system that allows its employees to make test purchases using fake credit cards. Normally the tool generates unusable codes, but Kvashuk managed to exploit a bug by getting real codes sent without paying a penny. Instead of reporting the flaw – a task for which he was hired – he used it to generate millions of dollars in the form of an Xbox Gift Card, which he then resold on Paxful.com, a marketplace that allows its users to buy using cryptocurrencies. .
Some of the interviewees portrayed him as an arrogant person. Kvashuk hacked his colleagues’ accounts to avoid arousing suspicion and wrote a program that automatically stole Xbox Gift Card codes while working regularly. It must also be said that he did not encounter particular difficulties in hacking the accounts of his colleagues: despite being security experts, they used trivial passwords like “VerySecret1” and “$ tore123”.
Kvashuk spotted the bug in 2017. Microsoft had been on his trail since February 2018 and fired him in June of the same year. On July 16, 2019, federal authorities raided his $ 1.6 million home, which was purchased with revenues generated by the aforementioned scheme. Kvashuk was later tried for money laundering, identity theft and telematic fraud: after being found guilty of all charges, he was sentenced to 9 years in prison in November 2020.