This is a rather weird story to read, but an interesting one nonetheless. Kirstoffer Von Hassel from San Diego in the US worked out how to log in to his father’s Xbox Live account without the correct password. Sounds like a serious security flaw, right?
Microsoft has since fixed the issue and added Von Hassel to its list of recognized security researchers. A five-year old. Expectedly, Von Hassel is both excited and grateful Microsoft took the time to acknowledge his contribution, as well as sending some free titles to use on the video game system.
How the young boy managed to bypass the security feature was by purposely entering an incorrect password, which would bring up a verification screen. He would then fill the password field up with spaces, leading the system to log into his father’s account. A simple, yet serious flaw.
"I got nervous. I thought he was going to find out," Von Hassel told the TV station KGTV, "I thought someone was going to steal the Xbox." The father sent in the flaw details to Microsoft, who later thanked the family by sending four free games, $50 gift card and a year subscription to Xbox Live.