He discovered a vulnerability in the app and ate free food for two years!

According to the South China Morning Post, Takuya Higashimoto, a 38-year-old Japanese resident, exploited a security vulnerability in Demae-can, one of the country's popular food ordering apps, to enjoy free meals for two years. Police in Nagoya said Higashimoto defrauded the app by placing more than 1,000 fake orders.

MILLIONS IN LOSS

According to the report, Higashimoto received 1,095 refunds after reporting each order as "undelivered." This method cost the company 3.7 million yen (approximately 1 million Turkish Lira) in losses.

Higashimoto, who often orders expensive food through the app, had favorites like canned eel, hamburger steak and ice cream.

To avoid detection, the man opened 124 different fake accounts, using fake names and false addresses for each one. He also purchased prepaid phone cards using fake IDs and then canceled them after placing the orders.

"I WANTED TO TRY"

Higashimoto, who ordered ice cream and chicken steak for his last order, received another "order not received" message after the delivery. This resulted in a refund of 16,000 yen (approximately 4,500 TL).

In his statement to the police, he confessed to the fraud as follows:

"At first I just wanted to try it. But once I got a taste of free food (money), I couldn't stop."

APPLICATION IS IN ACTION

Following the incident, Demae-can announced that it would strengthen its user authentication systems and develop a new algorithm to automatically analyze "non-delivery" complaints.