A few years back, a well-known supermarket chain, part of Delhaize Belgium, set up a prize game.

It was a web game where your prizes depended on your ranking.
Since it was a web-based game, you can guess what might happen.
With a few tricks, I managed to tweak the scoring logic.
I could award myself as many points as I wanted in each round.

The prizes were items worth more than $50 and there were over 100,000 items up for grabs.

After realizing this and placing myself high on the leaderboard with way more points than anyone else, I reached out to someone at Delhaize, via LinkedIn, and let them know about this serious vulnerability in their game.

It's unbelievable, but they never fixed it, nor did they cancel the game.
Of course, I never claimed my prizes, but it's quite a story about how nonchalant they were about the whole thing.