Cyber Incident Victim: Shoppers Stop
Date: Dec 2016
Location: India
Summary
A group of four hackers, including BTech dropouts and a student, were arrested for digitally shoplifting vouchers worth ₹92 lakh by exploiting vulnerabilities in e-commerce payment gateways. They targeted multiple platforms, including Shoppers Stop, by manipulating transaction data during processing—using fake credit cards to initiate payments and altering voucher values from thousands of rupees to a single rupee before finalizing transactions. The fraud was detected after the affected voucher administrator reported substantial losses, leading investigators to track purchased devices’ IP addresses and social media profiles. The perpetrators, known for flaunting luxury lifestyles funded by their activities, utilized specialized hacking software and collaborated with international cybercriminals to refine their techniques.
Description
On December 30, 2016, representatives of an e-commerce platform administering gyftr.com reported a fraud case to Delhi's Hauz Khas police, alleging theft of digital vouchers worth ₹92 lakh (approximately $138,000 USD at the time). Investigations revealed that between late 2016 and early January 2017, a group of four hackers led by Sunny Nehra—an 18-year-old BTech dropout—exploited vulnerabilities in the PayU payment gateway to manipulate voucher transactions on gyftr.com. The group, which included two other BTech dropouts and a Delhi University BCA student, utilized specialized hacking software and a high-performance Dell laptop with 256GB RAM configuration to execute attacks. Their method involved initiating voucher purchases using credit/debit cards obtained through fake documents, then pressing the 'cancel' button during payment processing to freeze the transaction page. They subsequently altered critical parameters—such as changing a ₹5,000 voucher value to ₹1—before completing the payment, exploiting decoded source codes from prior reconnaissance of the payment system.

The compromised vouchers were extensively used across multiple e-commerce platforms including Shoppers Stop, MakeMyTrip, Flipkart, Amazon, Domino's Pizza, and Myntra to acquire goods and services. The group flaunted their illicit gains through social media, offering discounted luxury electronics to friends and renting premium vehicles like Mercedes and BMWs. Delhi Police's Special Team identified purchased iPhones and iPads linked to the fraud, traced associated IP addresses to Nehra's Facebook profile, and apprehended him at a Gurgaon five-star hotel in January 2017. His three associates were subsequently arrested. Forensic analysis confirmed the hackers had collaborated with international counterparts in the Netherlands and Indonesia to refine their techniques, though the primary financial impact remained concentrated on gyftr.com and its partner merchants. Police characterized the operation as Delhi's first recorded case of large-scale digital shoplifting via payment gateway manipulation.
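
The amount tampering described above (a ₹5,000 voucher paid for with ₹1) is caught when fulfilment depends on a server-side comparison of the captured amount with the catalogue price. The following is an added example, not code from the original page or from any party named in it; the record layout, field names and sample data are constructed assumptions and do not represent the PayU or gyftr.com interfaces.

```python
from decimal import Decimal

# Constructed sample data (not from the incident): server-side catalogue prices in rupees.
CATALOGUE = {"VCH-5000": Decimal("5000.00"), "VCH-1000": Decimal("1000.00")}

# Constructed orders as recorded by the merchant when checkout started.
ORDERS = [
    {"order_id": "A1", "sku": "VCH-5000", "qty": 1},
    {"order_id": "A2", "sku": "VCH-5000", "qty": 2},
    {"order_id": "A3", "sku": "VCH-1000", "qty": 1},
    {"order_id": "A4", "sku": "VCH-1000", "qty": 1},
]

# Constructed gateway settlement records: what was actually captured.
SETTLEMENTS = [
    {"order_id": "A1", "status": "captured", "amount": Decimal("5000.00")},
    {"order_id": "A2", "status": "captured", "amount": Decimal("1.00")},
    {"order_id": "A3", "status": "cancelled", "amount": Decimal("0.00")},
]

def expected_amount(order):
    """Price the order from the server-side catalogue, never from client-sent fields."""
    return CATALOGUE[order["sku"]] * order["qty"]

def may_issue_voucher(order, settlement):
    """Fulfilment gate: issue only for a captured payment of exactly the expected amount."""
    if settlement is None:
        return False, "no settlement record"
    if settlement["status"] != "captured":
        return False, "payment status is " + settlement["status"]
    if settlement["amount"] != expected_amount(order):
        return False, f"paid {settlement['amount']} but expected {expected_amount(order)}"
    return True, "ok"

def reconcile(orders, settlements):
    """Return {order_id: reason} for every order that must not be fulfilled."""
    by_id = {s["order_id"]: s for s in settlements}
    flagged = {}
    for order in orders:
        ok, reason = may_issue_voucher(order, by_id.get(order["order_id"]))
        if not ok:
            flagged[order["order_id"]] = reason
    return flagged

if __name__ == "__main__":
    for order_id, reason in reconcile(ORDERS, SETTLEMENTS).items():
        print(order_id, "->", reason)
```

Running the same reconciliation as a scheduled job over issued vouchers surfaces mismatches before losses accumulate.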
