At the request of customers and petrol station operators, a software update was released that was supposed to simplify the handling of accumulated bonuses. However, there was an error in the code, which the fraudster somehow found out about. If the bonus card was scanned twice, a “demo mode” was activated and the petrol station could dispense fuel without payment.
The investigation found that the female hacker exploited the vulnerability at least 510 times between November 2022 and June 2023. She stopped doing so exactly on the day a patch was released that fixed the vulnerability. In total, the woman received free fuel worth $27,000. She also transferred the card to third parties at least a dozen times so that they could also save on fuel.
Adverts
