Well, this is a fascinating story. Bloomberg has a thorough report detailing how a Microsoft engineer by the name of Volodymyr Kvashuk managed to generate $10.1 million worth of Xbox gift cards illegally which he then resold.
As a quick summary of how his scheme worked, part of his role was to test Microsoft’s customer purchasing system for vulnerabilities and errors. Test accounts and fake credit card numbers (legitimately provided by Microsoft) were used to test the systems. Orders for physical products were never mailed as the system knew that these were test purchases, but that wasn’t the case for digital products. When ordering an Xbox gift card, Kvashuk was sent a real – and activated – gift card.
Rather than reporting this bug, he took advantage of the exploit. He ended up writing a script which automatically ordered ever-increasing amounts of gift cards which he resold. The total gift card values were apparently so huge that his activities had an impact on the resale value of Xbox gift cards because the resale market got flooded.
It seems like the $10.1 million worth of Xbox gift cards were generated over the course of only a year. That’s because he identified this opportunity in 2017 and was fired in 2018 when Microsoft realized what was going on. Kvashuk was subsequently arrested in 2019 and is serving prison time; he’s not due to be released until 2027.
Anyway, I though the entire story was incredibly interesting, so it’s worth checking out the full Bloomberg article.