According to a detailed report from Bloomberg, Volodymyr Kvashuk, a junior engineer who was tasked with simulating purchases on the company's digital store was sentenced to nine years in prison back in 2020 after abusing a bug he found that let him acquire 152,000 legitimate Xbox gift cards worth $10 million.
Kvashuk found a loophole in the system where whenever he simulated purchases, he was always given real codes.
He also created a personal computer program that would increase the speed of his generating.
The junior engineer thought he had avoided getting caught by hiding his internet by using multiple profiles while routing his internet traffic through Japanese and Russian servers.
He generated thousands of dollars' worth of gift cards and sold them online with a discounted price of up to 55% off their regular price on Paxful, a cryptocurrency marketplace.
Kvashuk eventually bought a lakefront home and had plans of buying other things like a ski chalet, yacht, and seaplane.
Microsoft's Fraud Investigation Strike Team eventually found an increase in online purchases that used gift card codes and hired investigators traced the activity to two internal test accounts that belonged to employees of the Microsoft store team.
Microsoft hired the help of Andrew Cookson, a veteran detective in Scotland Yard's computer crime unit, and they eventually found Kvashuk's name as one of the official test accounts that had bought some Xbox gift cards illegitimately in 2017.
Kvashuk was fired in February 2020 and was charged with a number of crimes such as money laundering, identity theft, and wire fraud.
(Images from Microsoft)