There’s a golden rule in software development—something every junior developer learns within their first month of writing code: “Never ship untested code to production.”
It sounds simple enough, right? Like “look both sides before crosing a road” or “don't use metal in a microwave” Yet, every now and then, giant corporations (with teams of thousands of developers, mind you) somehow forget this rule. And when they do, the results are usually hilarious for users and catastrophic for the company’s balance sheet.
This past week, Reliance JioMart (yes, the Reliance-backed e-commerce giant) may have had their mishappening. Officially, JioMart hasn’t said a word about it (and they probably never will—because who likes to admit they left the door wide open?). But users discovered something that looked suspiciously like a bug, and the telegram mafia did what it always does best: exploit it, and turn it into flowing cash
The Incident: When Offer Turned into Infinite Money Glitches
On the surface, JioMart’s scheme looked innocent enough. They rolled out a promotion saying: spend ₹101 or more, and you’d get ₹100 off. Great deal, right? (No, not even if this was not the incident) The kind that makes you add that extra packet of biscuits to your cart just to qualify.
Except… the way they set it up apparently had a fatal flaw. The promotional link they sent wasn’t just a one-time coupon link—it was reportedly a coupon factory. Every time you clicked it (or tweaked it just a little), boom: a brand-new coupon worth ₹100 landed in your account. Unlimited. Endless. Like Willy Wonka’s chocolate river, but instead of chocolate, it was discount codes.
And because the internet is faster at finding loopholes than companies are at closing them, people quickly caught on. Telegram groups saw a great opportunity and turned it to a cash thing. They started offering hundrends even thousands of cupons for free and once they ran out(which was pretty quick) they started selling them ₹10–20 each. Think about that: a ₹100 coupon going for just ₹10 or even free if you were lucky and quick. That’s not just a discount—that’s arbitrage, baby.
In effect, JioMart’s marketing campaign accidentally created a black market economy inside Telegram. Imagine explaining that in a board meeting:
“Sir, our competitors are not the issue. Our biggest competitor is now a Telegram group run by some college kids selling our coupons at 90% off.”
What (Allegedly) Went Wrong
From digging into the reports (and yes, some curious minds actually tested the link), the bug seemed almost embarrassingly simple. The link they sent out had a query parameter which likely was a tracking id for the specific customer but was not checked.
But here’s the kicker: the parameter could accept any random value and still generate a fresh coupon code like a coupon creating machine. Now, as developers, we can all imagine how this might have happened. Maybe someone forgot to add a validation check. Maybe QA was skipped because deadlines were looming. Or maybe the dev team thought, “Who’s going to notice?” (Answer: everyone. Everyone noticed.)
It raises the question: what kind of logic was powering this system? Was it something like:
if (request.hasQueryParam) {
generateCoupon();
}
Because that’s what it felt like. One missing if condition. One missing database check. One small oversight that spiraled into thousands of coupons.
And the funny part? This wasn’t some deep, sophisticated hack that required genius-level skills. No, this was low-hanging fruit. It’s the digital equivalent of leaving your shop unlocked at night with a sign saying, “Please don’t steal.”
The Aftermath: Servers Down, Coupons Everywhere
As word spread, chaos followed. JioMart’s cart service and related systems reportedly buckled under the load. Think about it: hundreds (maybe thousands) of people hammering the system, generating coupon after coupon, placing order after order.
For customers, it was like Diwali came few weeks early. For JioMart, it must have looked like a DDoS attack—but powered not by bots, but by real coupon hungry people.
Financially, the losses could have been massive. Even if only a fraction of the coupons were redeemed, each represented ₹100 in lost revenue. Multiply that by thousands, and you’re staring at some very uncomfortable spreadsheets.
JioMart has not confirmed the incident. Which makes sense. You don’t exactly want your brand trending on Twitter under #UnlimitedCoupons. Admitting it would be like saying, “Yeah, we accidentally let people print money for a day. Oops.”
But interestingly, the next day the link magically stopped working. Coincidence? Or a silent fix? I’ll let you decide. (Spoiler: it was a fix.). Still some sort of bug or intended feature like everyday you would click the same link you would still get a brand new coupon but seems like its intended working.
Why This Matters (and Why It’s Funny)
On one level, this is hilarious. Big company leaves giant hole, users exploit it, chaos ensues. It’s the kind of story that makes developers shake their heads and laugh nervously, because deep down, we all know: this could happen to any of us if we’re not careful.
But on another level, it’s dead serious. This wasn’t just a minor UI glitch or a typo in the app. This was a systemic design flaw—the kind that directly hits revenue.
The sarcasm writes itself:
- “Why bother with rate limiting? Let everyone generate coupons like new orders”
- “Who needs backend validation when you can trust query parameters, the most trustworthy part of the internet?”
- “Unit testing? Nah. Let production users do the testing for us. They’ll find bugs faster anyway.”
Lessons for Developers (and Corporates Who Don’t Listen)
- Validation is sacred. Never trust input from the client side. Ever. It doesn’t matter if it’s a coupon code, a price, or a user ID—if your backend just accepts it blindly, you’re inviting chaos.
- Abuse scenarios are real. When designing a system, don’t just think, “What’s the happy path?” Think, “How would someone misuse this?” Because trust me, someone will.
- Testing isn’t optional. Yes, deadlines are tight. Yes, management wants the feature out “yesterday.” But the cost of rushing can dwarf the cost of a delay. Which would you rather explain in a meeting: “We’re shipping a week late,” or “We accidentally lost crores because our coupon system was a slot machine”?
- Transparency matters (sometimes). JioMart chose silence, which is understandable. But imagine the goodwill they could have earned by acknowledging it lightly—“Hey, we goofed, it’s fixed, no free money anymore.” At least it would have made them human.
The Bigger Picture
Incidents like this aren’t rare. History is full of “fun” bugs that cost companies millions:
- In 2014, a bug in Shoppers Stop’s online store let people order items worth thousands for ₹1.
- In 2019, a Paytm glitch allowed people to generate unlimited movie tickets using promo codes.
- And who can forget the infamous “Amazon accidentally listed expensive cameras for $94” bug? (Someone, somewhere, got Christmas and Diwali rolled into one.)
The common thread? Rushing to production without proper testing. It’s the software equivalent of building a skyscraper but forgetting to check if the elevator works.
Closing Thoughts
Whether or not JioMart ever admits it, this was an interesting choke point in their system design—a perfect example of how one unchecked assumption can snowball into a full-blown crisis.
For developers, it’s a cautionary tale. For users, it was a once-in-a-lifetime sale. And for JioMart, it’s probably a very expensive lesson written into some internal post-mortem doc with the title: “Why We Test Promo Systems Before Sending Them to 100 Million Users.”
So the next time you’re tempted to push that untested code to production because “it’s just a small feature,” remember JioMart’s infinite coupon generator. In the world of software, shortcuts aren’t just risky—they’re sometimes very, very costly.
Or, to put it simply: you can either test your code, or your users will test it for you—and they’ll do it with a lot more creativity.
Top comments (0)