Stories
Slash Boxes
Comments

SoylentNews is people

posted by mrpg on Tuesday August 22 2017, @12:45AM   Printer-friendly
from the get-/good_prices.htm dept.

USA Today has a story about a New Jersey couple who allegedly used a glitch in Lowes website to steal merchandise.

A New Jersey couple used a website glitch to try and get more than $258,000 worth of goods — everything from a gazebo to an air conditioner to a stainless steel grill — for free from a home improvement store, authorities said.

Ultimately, the couple was only able to secure nearly $13,000 worth of merchandise from Lowe's after exploiting "weaknesses" in the company's website to have the items shipped to their home in Brick for free, according to a release from the Ocean County Prosecutor's Office.

Romela Velazquez, 24, was arrested and charged with theft by deception and computer criminal activity for accessing a computer system with the purpose to defraud. She attempted to get about $258,068 worth of unpaid merchandise from Lowe's, according to the release.

She actually received about $12,971 in stolen products, according to the release.

Her husband, Kimy Velazquez, 40, was charged with third-degree receipt of stolen property and fencing for his role in the alleged scheme.

The couple tried to sell some of the products on a local Facebook "buy and sell" group for half of the original sale price, listing the products as "new in box," authorities said.

According to an article on NJ.com, an attorney for the couple has stated that Velazquez is just an expert shopper, not a criminal hacker.

Jef Henninger, an attorney for Romela Velazquez, said his client is "the farthest thing from a computer hacker."

"Like many young mothers, she needs to stretch every dollar she can," Henninger said in a statement. "As a result, she has learned to spot good deals. These are the same deals that any of us can take advantage of, but most of us are too busy to learn how to spot them.

"Buying things at a big discount and selling them is not illegal. As a result, she maintains her innocence (and) looks forward to her day in court."

As far as I have been able to find, no technical details about the hack have been released.

One of the more interesting details that I did see was

Lowe's, makers of Ugg shoes and Victoria's Secret have been identified as victims so far – but many more retailers were also ripped off and will eventually be identified, officials said.

Who knew?

Additional coverage at the New York Post and BleepingComputer.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1) by pTamok on Tuesday August 22 2017, @09:59AM (4 children)

    by pTamok (3042) on Tuesday August 22 2017, @09:59AM (#557448)

    I guess it will depend on the details.

    There's a concept of reasonable expectations. I don't think, for example, specially crafted http requests, edited cookies, or exploiting lack of input validation would be regarded as legitimate shopping. Give-aways would normally be well signposted.

    To use a real-world analogy: if Lowe's left their doors accidentally unlocked over a holiday period, and people went in and helped themselves to whatever was on the shelves, would that be stealing? Exploiting someone else's mistakes for personal gain is, if nothing else, shady practice. Some people regard exploiting marks as entirely legitimate. I don't.

  • (Score: 2) by aclarke on Tuesday August 22 2017, @11:46AM (3 children)

    by aclarke (2049) on Tuesday August 22 2017, @11:46AM (#557462) Homepage

    If Lowes left their doors open and I walked in, I'd call that stealing.

    If I was given a coupon that said "100% off lawnmower" and I went in and got a free lawnmower, I'd do that in a heartbeat. That's their problem, not mine, and I am not going to judge their intent. Perhaps they have a reason why they're considering that a loss leader in some way. Companies do weird things sometimes.

    If Lowes printed a "50% off lawn ornaments" coupon and I used it for "100% off lawnmower", I'd consider that immoral. I wouldn't do it, in the same way that if I discovered I was given too much change back, I'd let the cashier know.

    I don't know what the law says, but to me those are the ethical lines.

    • (Score: 2) by Fnord666 on Tuesday August 22 2017, @01:47PM

      by Fnord666 (652) on Tuesday August 22 2017, @01:47PM (#557501) Homepage

      [...]

      If I was given a coupon that said "100% off lawnmower" and I went in and got a free lawnmower, I'd do that in a heartbeat. That's their problem, not mine, and I am not going to judge their intent. Perhaps they have a reason why they're considering that a loss leader in some way.

      Now to make this a closer analogy, let's say you use photoshop to create your own coupon and you happen to find an employee willing to honor it. The intent is now much more clear.

    • (Score: 2) by VLM on Tuesday August 22 2017, @08:09PM (1 child)

      by VLM (445) Subscriber Badge on Tuesday August 22 2017, @08:09PM (#557694)

      My guess based on some client interaction and working retail decades ago is the company refund / deal codes are pants on head retarded.

      Customer service is supposed to be able to deduct $100, $200, whatever from an order to pay back a legit customer for a problem. Oh you ordered $5000 of lumber for your deck and two pieces are unservicable sry sir have code WTF501234 which entitles you to $50 off on your next order. And the next call for $50 off is WTF501235, you get the idea. Take a guess how much the refund is for code WTF256789, why thats $25 off serial number 6789

      Now someone out there can order a pallet of driveway salt online and take a wild ass guess that code WTF001500 is pre-loaded for $50 off.

      Obviously this is WAY more fun for applying 100 refund cards on one order, or refund codes worth $2500 not $50. But its the same general idea.

      Some coupon codes are just dumb encodings, not exactly a SHA256 hash. Taking a very recent example, so you can get 10% off at papa murphys pizza using tmobile10 and some rocket surgeon out there posts that tmobile50 takes ... 50% off your pizza. There's whole subreddits devoted to this kind of code trading.

      • (Score: 2) by FakeBeldin on Wednesday August 23 2017, @01:24PM

        by FakeBeldin (3360) on Wednesday August 23 2017, @01:24PM (#557979) Journal

        True, though I have yet to see a "coupon" for a 100% discount. And even if I did, to me there's a huge distinction between "I was given code DISCOUNT10, let's try DISCOUNT25" and "I have code DISCOUNT10, let's try DISCOUNT100".