

Microsoft dev used test account to swipe $10m in tech giant's own store credits, live life of luxury

By Patrick   2019 Jul 18, 8:14pm


A former Microsoft software engineer was arrested on Tuesday and charged with mail fraud for allegedly attempting to steal $10m in digital currency from his former employer, US prosecutors said today.

Volodymyr Kvashuk, 25, a citizen of Ukraine residing in Renton, Washington, initially worked for Microsoft as a contractor and was hired as an employee in August 2016, where he remained employed until he was dismissed in June 2018. ...

But in designing its testing system, Microsoft overlooked a significant attack vector. "The testing program was designed to block the delivery of physical goods," the complaint explains. "Microsoft did not anticipate testers would make test purchases of digital currency ("Currency Stored Value" or "CSV") and thus no safeguards were put in place to prevent the delivery of CSV."

So a tester could make test purchases of Microsoft digital gift cards, obtaining a valid product key that could be redeemed to add value to a digital wallet associated with the purchaser's account. The electronic funds credited could then be used to buy digital or physical Microsoft products from its store.

Kvashuk, it's alleged, bought some Microsoft goods himself and also sold much of the currency – $10m worth, it's claimed – to third parties, at a discount to its face value.

The scheme supposedly began in 2017 and escalated to the point that Kvashuk, on a base salary of $116,000 per year, bought himself a $162,000 Tesla and $1.6m home in Renton, Washington.

Pretty creative.