Lowes website

A couple from the Brick Township in New Jersey stands accused of using a flaw in the Lowes online portal to receive goods for free at their home.

According to a press release from the Ocean County Prosecutor's Office, the couple tried to steal goods worth $258,068.01, but only managed to receive approximately $12,971.23 worth of merchendise.

The Brick Township Police Department arrested the two suspects — Romela Velazquez, 24, and Kimy Velazquez, 40 — on August 3, when they also executed a search warrant at their home.

Police needed an 18-foot trailer to collect stolen goods

Officers on scene said the residence resembled "more of a warehouse than a home." Investigators said they recovered enough merchandise to fill an 18-foot trailer.

Most items were in their original packaging and still had their price tags. Below is a list of the most expensive items found at the couple's home:

3 Dyson Ball Vacuum Cleaners
70” Vizio LED Smart TV
Aluminum Gazebo
Approximately $2,500 Victoria Secret Underwear
Dewalt Power Washer
Honda Lawn Mower
LG Portable Air Conditioner
Multiple Boxes of Ugg Shoes
Multiple Boxes of furniture (not put together)
Nikon D5000 Camera
Sony Stero Surround Sound System with 4 Speakers
Stainless Steel Weber Grill

Authorities did not provide in-depth technical details but revealed the flaw resided in the site's gift card module.

Couple tried to sell the goods on a Facebook group

Police say Romela Velazquez posted ads for some of the stolen goods on a Facebook group used to buy and sell used objects. The suspect was selling most of the items at half the price offered on the Lowes website.

The couple was charged and released on a summons pending a future court date. They two have a two-year-old daughter, and Romela Velazquez is a Filipino immigrant.

Romela Velazquez's lawyer said she'll fight the charges. The attorney said the suspect had found a knack for finding good deals, and did not possess the skills to hack Lowes website.

Authorities charged Romela Velazquez with 2nd-degree Computer Criminal Activity for accessing a computer system with the purpose to defraud, 2nd-degree Theft by Deception. They charged Kimy Velasquez with 3rd-degree receipt of stolen property and 3rd-degree fencing.

Related Articles:

Facebook States 30 Million People Affected by Last Month's "View As" Bug

Facebook Vulnerability Affecting 50 Million Users Allowed Account Takeover

WhatsApp Fixes Vulnerability That’s Triggered by Answering a Call.

Microsoft October 2018 Patch Tuesday Fixes 12 Critical Vulnerabilities

Adobe Releases October 2018 Security Updates. None for Flash Player!