Five-year-old hacks dad’s Xbox account

Microsoft fixed the major password flaw and crowned Kristoffer Von Hassel with the title of ‘security researcher’.

A five-year-old boy has successfully logged in to his father’s Microsoft Xbox Live account using an incorrect password, exposing a major security vulnerability concerning the console’s password system.

Having been alerted to the issue, Microsoft has now fixed the flaw and crowned Kristoffer Von Hassel, from San Diego, California, with the title of ‘security researcher’ as thanks for his actions.

According to local news station KGTV, Kristoffer realised that entering an incorrect password into the Xbox’s initial log-in screen would take him to a second password verification screen, which then by simply pressing the space bar to fill up the password column granted him access to his dad’s account.

Kristoffer said: "I was like yea!"

"I got nervous. I thought he was going to find out," the kid added.

"I thought someone was going to steal the Xbox."

Microsoft also rewarded Kristoffer with four free games, $50 (£30), and a year-long subscription to Xbox Live. The company also added his name to a page set up to thank people who have discovered flaws in Microsoft products.

"We’re always listening to our customers and thank them for bringing issues to our attention," Microsoft said in a statement.

"We take security seriously at Xbox and fixed the issue as soon as we learned about it."

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing