Photo/Shetuwang

Jan. 21 (NBD) -- Top up 100 yuan (14.8 U.S. dollars) to your phone for the price of 0.4 yuan (5.9 cents)? You must be thinking "are you kidding me", right?

Surprisingly, many Internet users did that successfully, with some topping up an amount that could cover their phone bills for over a decade to come. 

This happened after hackers exploited an expired coupon vulnerability in the system of Chinese social e-commerce platform Pinduoduo. The loophole was leaked in the wee hours of Sunday and allowed Internet users to get 100-yuan coupons with no purchase minimum. 

Reports said Pinduoduo lost heavily on phone top-up alone, let alone merchandise orders and virtual product orders. The total loss reportedly amounted to 20 billion yuan (3.0 billion U.S. dollars). NBD found that one online shop even logged 430,000 transactions worth 43 million yuan (6.3 million U.S. dollars). 

This led to consumers' concern about the future of the group-buying site, with some worrying about whether the company would collapse overnight, as its cumulative operating revenue for the first three quarters of 2018 was only 7.5 billion yuan (1.1 billion U.S. dollars). 

However, in a statement released Sunday on its official Weibo account, the social e-commerce platform said coupons worth tens of millions of yuan were stolen, and the loophole had been fixed. According to the company, coupons involved were launched specially for a TV program, only for guests of the show, and had never been used for any online promotion in any way. 

Snapshots published by one Internet user showed the social-shopping site has closed merchandise orders unilaterally and refunded the actual payment. Such behavior provoked discontent among a number of Internet users. Some claimed that since their coupons were received legitimately, Pinduoduo has to fulfill its responsibilities and arrange delivery, or it should make compensation in accordance with the Law on the Protection of Consumer Rights and Interests. 

Xiao Sa, board member of the China Association of Banking Law, said average people should return unjustified gains if they knew they were using expired coupons to buy products, but they should bear no liability for Pinduduo's loss. For the massive loss caused by the loophole, the group-buying platform has the right to request compensation from hackers that stole discount vouchers, Xiao added. 

Shanghai police has opened a cyber fraud investigation into the case and frozen involved orders in bulk in accordance with property preservation regulations, Pinduoduo said in a new statement Monday. Based on the current situation, the e-commerce platform predicted its actual loss would be below 10 million yuan (1.5 million U.S. dollars). 

Previously, China Eastern Airlines and Tencent Video have experienced similar vulnerabilities. Unlike Pinduoduo, both companies chose to fulfill the orders placed during the incident. 

With regard to this, Pinduoduo said the coupon case is essentially different as the previously reported were civil issues caused by improper operations. What happened to Pinduoduo is cyber fraud, more like a situation that a criminal gang got a little scared after stealing things from a house so that they opened the door and invited passers-by to steal together.

In the new statement, the company promised to grant an additional 100 million yuan (14.8 million U.S. dollars) of red envelopes in the ongoing and upcoming Spring Festival promotions.

Email: lansuying@nbd.com.cn