China's biggest online store could lose millions in credit recharge bug

An online credit recharge bug could cost China's leading business-to-consumer (B2C) website into the millions, while subscribers who took the advantage of the flaw could be put behind bars.
Written by Liu Jiayi, Contributor

China's leading online retailer 360buy.com may lose as much as CN¥200 million (US$32m) after the company failed to fix a bug on its cellphone credit recharge platform that allowed subscribers to recharge credit and virtual currency without actually paying for it. 

Screen Shot 2012-11-03 at 13.47.40
360buy.com credit recharge platform. Screenshot credit: ZDNet

News spread quickly of the bug on the Chinese social media Weibo on October 30 that the site's online recharge platform was giving out 'free' credits for more than an hour, roughly between 10:30 p.m. and 11:40 p.m.

An unknown number of subscribers were able to collectively put millions of cellphone credits on their accounts, but also buy Q coins, a virtual currency used by the popular instant messaging platform QQ. It is believed that users were able to recharge their accounts with as much as CN¥360,000 (US$58,000) of credits during that period.

The recently launched credit recharge platform is still in an early testing stage, but a source speaking to a Chinese website confirmed there people took advantage of the bug, but the total amounts taken was not that significant.

The source also said the technical staff fixed the loophole late that night, and 360buy's legal department had intervened. In a statement in the following day, 360buy.com said it reserves the right to prosecute those who took advantage of the bug and made "vicious" recharge orders.

"This is theft, an open door doesn't mean you could get in and grab everything you want," said veteran lawyer Yu Guofu. "If the amount was small, the court would give out a milder punishment; but if big, the defendant could be sent to prison."

Editorial standards