5-year-old boy finds Xbox One security flaw, Microsoft rewards him with free games

Microsoft is always looking to keep its Xbox Live service safe from those folks who want to maliciously take control of the accounts of others. This week, it was revealed that a Xbox Live account vulnerability was discovered by a 5-year-old boy.

KGTV in San Diego reports that the child in question, Kristoffer Von Hassel from Ocean Beach, California, had managed to log into his father's account while playing on his Xbox One console. This gave the boy access to more "mature" games that he was not supposed to play.

When his father discovered what Kristoffer had done, he asked his son how he accomplished this feat. As it turned out, Kristoffer first typed in a wrong password for his father's account, which then led to a verification screen. Kristoffer then just typed in some space keys on that screen, hit enter, and he got access to his father's Xbox Live account.

Both Kristoffer and his father reported what they have found to Microsoft. The company has since fixed this rather odd exploit and has listed Kristoffer's name on a website with others who have found vulnerabilities on their service. Furthermore, the company gave him $50, four free games and a free year of Xbox Live subscription. It sounds like Kristoffer might just have a bright future in online security.

Source: KGTV | Image via KGTV

Report a problem with article
Previous Story

Microsoft's Windows App Studio now supports universal apps

Next Story

Nokia to include free wireless charger with the Lumia 930

41 Comments

Commenting is disabled on this article.

Studio384 said,
Was this a bug in the Xbox or the server it communicated with?

Most likely it was a server verification issue so that was patched. Otherwise it would of needed an update push.

Kids are so, how shall I say, un-indoctrinated. You can always count on them to try obvious, yet clever stuff.

Radium said,
A free game? That's nice but aren't adults rewarded with a nice sum of money?

He was awarded $50, 4 free games and a year of Xbox Live.

Given that he's 5, $50 is roughly $1,000,000 in adult money.

McKay said,

He was awarded $50, 4 free games and a year of Xbox Live.

Given that he's 5, $50 is roughly $1,000,000 in adult money.

Well yeah but still he is under paid. They could have pass the money to his dad for safekeeping anyway.

tanjiajun_34 said,
Well yeah but still he is under paid. They could have pass the money to his dad for safekeeping anyway.

Exactly my point.
They could also create an account for him and have the money locked until he's 18. That would give him good interest rates.

Radium said,

Exactly my point.
They could also create an account for him and have the money locked until he's 18. That would give him good interest rates.

Interest rate? What bank? At today's BS consumer interest rates, $50 would have to sit there for roughly 17,530 years to build any kind of reasonable interest.

If you lock them in for like 10 years, you'll get around 5-10%. At least that's what is available here. That's a better option than to just give him a free game, which is worth less than the interest rate on the reward money that an adult would get.
Adults get waaay more than $50. Microsoft hand out $1000 and upwards.

mastercoms said,
What's next? Hacking into accounts with up, up, down, down, left, right, left, right, B, A?

Shhhhhhh! It's still open and not patched yet!

The Dingus Diddler said,
Nope, you just bribe Kinect by flashing for it... or in my, case threatening to flash if it doesn't let you in.

I loved this comment. Just made friday THAT much better.

The Dingus Diddler said,
Nope, you just bribe Kinect by flashing for it... or in my, case threatening to flash if it doesn't let you in.

Wait.. do you mean getting naked in front of the Kinect?...

I am so upset with this kid right now for going public with the exploit. That's how I was playing all of Steve Ballmer's games for free.

The Dark Knight said,
BRILLIANT!! :D

Good of Microsoft to reward the boy like that. :)

Apple would have terminated his account and sued him.

When his father discovered what Kristoffer had done, he asked his son how he accomplished this feat. As it turned out, Kristoffer first typed in a wrong password for his father's account, which then led to a verification screen. Kristoffer then just typed in some space keys on that screen, hit enter, and he got access to his father's Xbox Live account.

Really?

Almost looks like an easter egg to me ...

StarkWiz said,
lol, I guess he just wants to use it to find vulnerabilities.
Nope. That's Microsoft paid zombie to hype up the Windows 8 adoption. :shiftyninja:

Jaybonaut said,
You know exactly what I was getting at regardless of arguments that can be made.

Yeah, really crap attempt at trolling, that was my point.