Hundreds of holiday cakes were purloined through weakness in internal website.
China’s Mid-Autumn Festival started today, as much of the world now knows due to a runaway inflatable moon incident reported yesterday (as seen below). Celebrated on the 15th day of the eighth month in the Han calendar—corresponding to the full moon closest to the Autumnal Equinox—the holiday is commemorated in Chinese culture through the exchange and sharing of moon cakes.
The cakes are round pastries filled with lotus seed paste or red bean paste and occasionally the salted yolk of a duck egg surrounded by a thin crust. They are traditionally given as presents by businesses and are in huge demand in much of China and in Chinese communities around the world leading up to the festival. And that’s likely what drove four employees of the Chinese e-commerce site Alibaba to exploit a weakness in an internal company website offering discounted mooncakes to company staff.
Alibaba offered its employees one free mooncake each—complete with a plush Alibaba mascot hidden inside, rather than the traditional duck yolk. Additional cakes were sold at cost to employees for friends and family through an internal e-commerce page. But as China Dailyreports, the four employees—software engineers at the company—were able to surreptitiously insert additional software into the website, directing extra mooncakes to themselves. Alibaba’s internal security team detected the hack and found that the four were “cheating using technology” to amass 124 boxes of the cakes (with four cakes per box). All four employees were dismissed.
One alleged cake hacker confessed on the question-and-answer site Zhihu (a Chinese equivalent of Quora). He claimed he had been unable to buy a cake through the internal website and created his own “plug-in” to hack for cakes after he discovered others were doing the same. The individual claimed that while he shifted his attention to other tasks, the hack he had created ordered 16 boxes of free cakes. Within two hours, he claimed, he was caught by corporate security and was asked to leave.
“This is the fastest dismissal I have ever experienced,” he wrote. “It may also rank high on the list for goofballs.”