Newsroom News Breaking Comics Tags RSS
News hardware & software 02 July 2021, 13:45

$10 Million Stolen by Microsoft Employee by Reselling Xbox Gift Cards

A Microsoft employee caused the company a $10 million loss by illegally reselling Xbox gift cards. He was sentenced to nine years in prison.

IN A NUTSHELL:
  • Microsoft employee discovered a vulnerability in the store testing system - using it to illegally earn money, he caused the company a loss of 10 million dollars;
  • However, he was eventually caught by law enforcement and sentenced to 9 years in prison, 8.3 million dollars in restitution and deportation to Ukraine.

A vulnerability in Microsoft's store testing system was exploited by one tester to illegally "earn" several million dollars. For nearly two years he resold the Xbox gift card codes obtained in this way, causing the company a loss of $10 million. At one point, Microsoft's employee got so carried away that he caused price fluctuations in the secondhand gift card market and was tracked down and caught. The court ruled a nine-year prison sentence, payment of compensation of $8.3 million and... deportation to Ukraine.

The last point of the sentence is due to the Ukrainian origin (and citizenship) of the fraudster, now former Microsoft employee Volodymyr Kvashuk. He came to the U.S. in 2015, and two years later got a job as an engineer in the testing department of online purchases in Microsoft stores. These employees had special payment cards and test accounts, programmed so that every purchase they make is automatically canceled. In the case of laptops, gamepads, and other hardware, shipping never occurred. However, Kvashuk discovered that when ordering an Xbox gift card, despite canceling the transaction, he receives a working code.

These character strings, called 5x5 codes, somewhat resemble serial numbers and are converted into cash for use in completing the purchase. After making the discovery, Kvashuk should have reported the vulnerability, but he did not. Instead, he began generating and reselling these codes, obviously quite a bit cheaper than the regular price. In order to make his "business" more difficult to detect by the company that employed him, he obtained passwords to several accounts of fellow testers. He also connected through servers in various parts of the world, and larger amounts of codes were "cashed" right away for bitcoin on cryptocurrency exchanges. Over the course of seven months, the employee transferred $2.8 million to several of his bank accounts. He also filed tax returns in which he claimed that the acquired sums were gifts from relatives.

Microsoft eventually became interested in the sudden spikes in Xbox gift card sales and, in cooperation with FBI agents, tracked down the culprit - Volodymyr Kvashuk was arrested in 2019 (and, most importantly, lost his job). Unfortunately, he will no longer be able to carry out his plans - including the purchase of a $4 million house in Hawaii, a yacht or a seaplane.

Arkadiusz Strzala

Arkadiusz Strzala

His adventure in writing began with his own blog and contributing to one of the early forums (in the olden days of Wireless Application Protocol). An electrical engineer by profession, he has a passion for technology, constructing and, of course, playing computer games. He has been a newsman and writer for Gamepressure since April 2020. He specializes in energy and space tech. However, he does not shy away from more relaxed matters every now and then. He loves watching science-fiction movies and car channels on YouTube. He mainly plays on the PC, although he has modest console experience too. He prefers real-time strategies, FPS and all sorts of simulators.

more