Until recently, people could instantly add AMD GPUs to their cart thanks to a bug.
What you need to know
- A bug on AMD's allowed people to purchase GPUs before anyone else.
- The bug let people instantly add GPUs to a card the moment they became in stock.
- AMD has since patched the bug, so you can no longer use it to purchase a GPU.
A bug on AMD's website allowed scalpers, and anyone who could figure it out, to bypass anti-bot measures and to purchase a GPU. PCMag spoke with Reddit user "originofspices," who asked to not have his real name revealed, about the discovered bug. Originofspices suspects that scalpers knew about the bug for months and points out that you don't have to be that technical to exploit it.
"I'm sure other people had discovered this months before I did. It was so easy to find," said originofspices in a chat with PCMag. "100% actual scalpers had discovered this vector and were buying up lots of parts."
As anyone that's tried to purchase the best graphics cards knows, it can be a frustrating process to try to get one. Websites can slow down due to traffic, and stock often instantly sells out. Originofspices was able to get around anti-bot measures and awkward websites to instantly add a new GPU to his cart.
My vector created a permanent link that would allow you to attempt to add any product to cart," said originofspices. "The link could be hammered 24/7 without any restriction. The return would be a JSON packet that either showed failure or success."
Originofspices admits that he isn't a technical expert and that the site was easy to exploit, "The AMD web store that is run by Digital River was not well designed and was easily exploitable by unskilled users such as myself."
Using the bug, originofspices was able to purchase a Radeon RX 6900XT GPU, but you can't take advantage of the same bug to pick one up. He reported the bug to AMD, and it has since been fixed. For his efforts, AMD gave him a t-shirt.
No comments: