This is perhaps one of the strangest stories we've ever written, but it's an incredible narrative about how someone partook in a digital heist against Microsoft. It's an elaborate story about one man, the 25 digital digits used to redeem codes on the Microsoft Store, and how he managed to steal millions from the company with them.
The report comes from Bloomberg and tells the story of Volodymyr Kvashuk, an employee at Microsoft who worked to test the company’s e-commerce infrastructure. The job involved him making purchases using faux accounts to test the online payment systems for glitches and bugs. During his time in the role he was said to have noticed a glitch that was so glaringly obvious, he kept it from his superiors.
The bug in question saw him receiving useable 25-digit codes every time he did a fake transaction for Microsoft Store cards - commonly used on the Xbox store. Having tested thousands of these transactions, Kvashuk was able to rake in millions' worth of the digital currency and didn't tell a soul.
"Kvashuk found a bug that would change his life, a flaw so stupidly obvious that he couldn’t bring himself to report it to his managers. He noticed that whenever he tested purchases of gift cards, the Microsoft Store dispensed real 5x5 codes. It dawned on him: He could generate virtually unlimited codes, all for free."
With this in mind, he took to a site known for selling digital codes, where he would sell these codes at a discounted rate of up to 55% off. With the huge increase in cheap codes flooding the market, he would often find that their value decreased, so would artificially draw up demand by withholding the codes. It wasn't until certain codes began to fail and customers took to Microsoft support that Kvashuk's luck started to change. But even without that, Microsoft was already out there looking for him.
"Microsoft was already on the hunt. In February 2018, the company’s Fraud Investigation Strike Team noticed an inexplicable spike in online purchases using gift card codes that was about double normal redemption levels. Microsoft’s fraud team theorized that the hack came from an 'external bad actor,' according to an internal report, but soon realized it was an inside job."
Eventually, Kvashuk was found and fired, leaving him to live his life in the house he paid for using the money he stole, along with his wife. Unfortunately for him, federal agents were also investigating the matter after Microsoft referred the case to them. He was later sentenced to 9 years in prison and most likely faces deportment back to Ukraine once he is released.
The lesson here is if you find a loophole, don't exploit it. It's not worth it and Kvashuk learned that the hard way. Despite getting away with it for years, in the end, it's ultimately cost him a lot. Still, it's fascinating to see how far one man got through such a simple crafty loophole. The full report is an extremely interesting read, so be sure to check it out.
What do you think of Volodymyr Kvashuk's exploits? Drop us a comment and let us know.
[source bloomberg.com]
Comments 12
And I'd have gotten away with it too, if it weren't for those meddling kids....buying too many gift cards doubling that damn redemption level!
Trying to fiddle a huge company like Microsoft out of millions was never going to win. He would of got more praise and recognition pointing out to others the fault that he had found.
He may of got away with a few hundred (maybe even thousands) over a long period of time, which may have resulted in him losing his job and a large fine, but trying millions really increased his punishment
He definitely got what he deserved and the punishment fitted the crime.
Fraud Investigation Strike Team. The dude got FISTed. 😂
@AgentGuapo Underrated comment right there folks 😂
Fascinating article. Loved the full story. This part jumped out at me
"A report card shows he received a C in finance and a D in risk management" Should have paid more attention to the last
@AgentGuapo the article was interesting, your comment brought the entertainment factor over 9000.
@themightyant It's irony at its finest, isn't it? 😂
I'm no fan of crime, but the full article detailing this incidentally discusses quite a few ways in which gift cards are already used by Microsoft and other companies for ends about 99.9% as shady as this guy's were. Between devaluation, non-redemption, intentional obfuscation and psych manipulation, and tax dodging, the "legal" corporate pipeline for separating money from consumers via gift cards is every bit as sophisticated and intentional a pipeline as Kvashuk's illegal one for giving it away to them was.
You know what, I take back what I said before - I suppose I am a fan of what this guy did. Self-serving though he may have been, he was also objectively a modern-day Robin Hood with bad English. It's tough to be 100% mad about that.
@Fath "Steal a thousand once and you're a thief, steal one a thousand times and you're a businessman"
Yes all the psychology of big business is all knowing and shady AF.
Moral of the story, you can steal and do what you want to the poor, but as soon as you steal from the rich, the fury of a thousand justices will come down on your head
@Xenomorph_79 If Karma was a thing, it would be MS that would be in hot water.
This is just a big guy not liking it when a little guy gets their own back.
That is so stupid. Life derailed due to greed. He could have just worked his job and worked his way up or used his skills to get a better paying job in the industry, but nope had to steal.
Show Comments
Leave A Comment
Hold on there, you need to login to post a comment...