
QNAP shipped Hybrid Backup Sync with hardcoded credentials of walter:walter. This was used by ransomware criminals to encrypt photos and videos and demand payment in Bitcoin for the password to decrypt the data.

From that page:

> The code has 27 occurrences of e-mails: waltershao@gmail.com or walterentry20140225@gmail.com in the code.

More information is available here:

https://www.helpnetsecurity.com/2021/04/26/qnap-nas-ransomwa...



Was there any development on whether there was an actual investigation or help from Google to identify the fraudsters, given these are @gmail email addresses?


Walter Shao is a QNAP employee, and probably not related to the fraudsters.


That really should read 'was' rather than 'is'.


That still wouldn't fix the fact that they don't have a process to prevent this from being possible.

This is a multi-faceted fuck up, and several people are responsible. This includes the management who decide on processes, like QA and security. Someone should have caught this in some kind of review at a company as big as QNAP Systems shipping real hardware to all kinds of businesses and consumers.

Maybe Walter should never have coded this in, but that doesn't mean that it should even be possible for that to reach an end-user.

Other companies and other industries have such processes.

In short, that would just be blame-shifting by the management who are also at fault.
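One concrete form of the review gate this comment says was missing, as an added example that is not QNAP's code or any poster's: a small pre-merge scan over source text that flags credential-like names assigned to string literals, personal webmail addresses left in code, and a built-in username that equals its password. The patterns, file suffixes and sample source below are constructed for this example.

```python
import re
from pathlib import Path

# Constructed sample resembling what the thread describes: a backup-sync
# helper with a built-in account and a developer's personal e-mail address
# left in source. Not QNAP code; values are made up for this example.
SAMPLE_SOURCE = '''\
# sync_helper.c (constructed sample, not QNAP code)
#define DEFAULT_USER "walter"
#define DEFAULT_PASS "walter"
static const char *contact = "waltershao@gmail.com";
'''

# Personal webmail addresses have no business in shipping firmware.
PERSONAL_MAIL = re.compile(r'[\w.+-]+@(gmail|yahoo|hotmail|outlook)\.com', re.I)
# A credential-like identifier followed by a string literal (define, =, or :).
CRED_ASSIGN = re.compile(
    r'(?P<key>\w*(user|pass|pwd|secret|token)\w*)\s*(=|:|\s)\s*["\'](?P<val>[^"\']+)["\']',
    re.I)

def scan_source(text: str, path: str = "<constructed>") -> list:
    """Return heuristic findings (dicts) for one file's source text."""
    findings, creds = [], {}  # creds: lowercased identifier -> literal value
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in PERSONAL_MAIL.finditer(line):
            findings.append({"path": path, "line": lineno,
                             "kind": "personal-email", "detail": m.group(0)})
        for m in CRED_ASSIGN.finditer(line):
            key, val = m.group("key"), m.group("val")
            creds[key.lower()] = val
            findings.append({"path": path, "line": lineno,
                             "kind": "hardcoded-credential", "detail": f"{key}={val!r}"})
    # Cross-check: any username literal that also appears as a password literal.
    users = {v for k, v in creds.items() if "user" in k}
    passes = {v for k, v in creds.items() if any(w in k for w in ("pass", "pwd", "secret"))}
    for shared in sorted(users & passes):
        findings.append({"path": path, "line": 0,
                         "kind": "username-equals-password", "detail": shared})
    return findings

def scan_tree(root: Path, suffixes=(".c", ".h", ".py", ".sh", ".js")) -> list:
    """Walk a source tree and scan every file with one of the given suffixes."""
    findings = []
    for p in root.rglob("*"):
        if p.is_file() and p.suffix in suffixes:
            findings.append(scan_source(p.read_text(errors="replace"), str(p)))
    return [f for group in findings for f in group]

if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE):  # a CI job would fail the build on any finding
        print(f"{f['path']}:{f['line']}: {f['kind']}: {f['detail']}")
```

Wired into a pre-merge pipeline, a non-empty result blocks the merge, which is the kind of mechanical gate that does not depend on any one reviewer noticing the string.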


You'll get no disagreement from me on that one; clearly the process is horribly broken. But given that fact it is better not to have 'Walters' on staff.


So instead of fixing the problem just fire Walter? Why not use Walter as a test case. What about John, or Jane, or Fred?


There's also the fact that Walter will never, ever again in his life make this mistake since the massive fuckup is now burned into his brain (in theory, if that isn't the case, then of course he needs to be fired) -- of course, there are a lot of people who would never have made the mistake to begin with. It's not completely trivial to answer, but again should be impossible by process.



