A loophole in the Tori.fi online marketplace’s “Toridiili” system has allowed at least one seller to fraudulently obtain payment without sending purchased items. A resident of Tampere, Joonas Houni, discovered the vulnerability which centers around the delivery service Matkahuolto’s package locker system. The system allows sellers to access a locker using a code, remove the item, and then reseal the locker as empty, effectively keeping both the money and the goods. Houni lost 720 euros due to this flaw. Tori.fi has been alerted to the issue by Yle, the Finnish Broadcasting Company. The vulnerability exploits a gap in the verification process between the seller, the buyer, and the delivery service. It remains unclear how widespread the issue is or what measures Tori.fi is taking to address it.