Technology
The Indian Express

How 2 BTech graduates hacked Chandigarh firm, stole Rs 19 lakh Amazon vouchers

Source Entity

The Indian Express

July 17, 2026
How 2 BTech graduates hacked Chandigarh firm, stole Rs 19 lakh Amazon vouchers

Two BTech graduates from Prayagraj were arrested by Chandigarh Police for hacking a firm's servers and stealing Rs 19 lakh in Amazon vouchers. The duo allegedly used fake accounts to convert the vouchers into gold coins for resale.

Cybercrime and Technical Exploitation: The Amazon Voucher Heist

In a striking instance of technical skill being weaponized for criminal gain, the Chandigarh Police have apprehended two BTech graduates, Gaurav Singh and Siddharth Pandey, hailing from Prayagraj, Uttar Pradesh. The duo is accused of orchestrating a sophisticated cyber-attack against Corporate Incentive Solutions Pvt Ltd, a Chandigarh-based firm. By breaching the company's server security, they managed to steal Amazon gift voucher codes totaling approximately Rs 19 lakh, marking a significant breach of corporate data integrity.

The Modus Operandi: A Divided Labor of Cyber-Theft

The operation was characterized by a clear division of technical and operational roles. According to police investigations, Siddharth Pandey acted as the primary infiltrator, utilizing his technical expertise to hack into the company's servers. His objective was to access confidential data repositories where the Amazon gift voucher codes were stored. Once the codes were leaked, they were passed to Gaurav Singh, who handled the redemption process. Singh utilized a network of fake Amazon accounts to mask his identity and redeem the stolen codes, ensuring that the trail remained obscured from the platform's standard fraud detection systems.

Asset Conversion and Money Laundering

A critical aspect of this crime was the method used to liquidate the digital assets. Rather than attempting to transfer funds directly, which would have triggered immediate red flags, the accused purchased gold coins and other high-value valuables through the e-commerce platform. This strategy served as a form of rudimentary money laundering; by converting digital vouchers into physical gold, the perpetrators transformed a traceable digital theft into a tangible, easily resellable asset. This transition from digital to physical currency is a common tactic used by cybercriminals to break the digital audit trail.

Vulnerabilities in Corporate Incentive Management

This incident highlights a critical vulnerability in how firms like Corporate Incentive Solutions Pvt Ltd manage digital assets. The fact that voucher codes were accessible via a server breach suggests a potential lack of robust encryption or multi-factor authentication for sensitive data access. For companies specializing in incentives, the security of voucher codes is equivalent to the security of cash. This case underscores the urgent need for SMEs to implement zero-trust architectures and regular security audits to prevent unauthorized server access and subsequent data leaks.

The Paradox of Technical Education

The background of the accused—both being BTech graduates—presents a troubling paradox. While technical degrees are intended to foster innovation and economic growth, this case demonstrates how the same skill set can be diverted toward illicit activities when ethical boundaries are ignored. The ability to navigate servers and manipulate e-commerce accounts requires a level of proficiency that is typically taught in engineering programs, illustrating the ongoing challenge of cybersecurity where the "attacker" often possesses the same academic training as the "defender."

Conclusion and Future Outlook

The arrest of Singh and Pandey serves as a cautionary tale regarding the reach of law enforcement in the digital age. Despite the perpetrators operating from Uttar Pradesh while targeting a firm in Chandigarh, the coordinated effort of the police led to their apprehension. As digital vouchers and e-gift cards become more prevalent in corporate gifting, the incentive for such hacks will likely increase. Future trends suggest that firms will need to move toward single-use, dynamically generated codes and tighter integration with e-commerce APIs to eliminate the possibility of bulk code theft.

Verification Required?

Read the full report from the primary source

Go to The Indian Express