Would you have done the same thing that Sanmay Ved did?

Sanmay Ved is a self-described Google super-fan, and he worked for the company for more than five years. In the middle of the night in Sept. 2015, he was browsing on Google Domains, one of the company’s many businesses, this one a place to buy website domains. There were a few dot-coms that caught his eye for the low price of $12, but there was one in particular Ved thought might be particularly good for starting an online business: Google.com.

Yes, somehow, Google had allowed its hold on its own domain name, google.com, one of the most famous and most visited in the world, to expire. And there it was for sale, ironically enough, on Google Domains, for just $12.

Even though he figured something was very, very wrong, Ved couldn’t resist, added “Google.com” to his virtual shopping cart, entered in his credit card information, and bought Google’s flagship domain address. The transaction went through without a hitch.

Almost immediately, Ved was bombarded with information meant for the “real” Google. He uses a desktop utility on his computer, which gives him up-to-date back-end info on the other websites he owns, and he was flooded with messages for Google’s software operators, including highly senstitive internal information. Ved immediately reported it all to Google’s security team.

But then, about a minute later, it was all over. Google Domains cancelled the sale, sending him a message to let him know that someone else had put a claim on Google.com while he was busy checking out. That someone, of course, was Google. He got his $12 refunded immediately.

And then Google gave Ved a little something extra, for reporting all of the security errors and breaches. It’s company policy to award cash somewhere in the neighborhood of $10,000 to programmers who point out fatal flaws in Google’s code. Ved told Google he planned to donate it to The Art of Living India, a humanitarian and education charity in India. Google matched Ved’s donation.