5-year-old cracks Xbox One security by discovering simple flaw

Microsoft sends Kristoffer Von Hassel, aged five, four free games, $50, and a year of Xbox Live Gold after he reports how he managed to break Xbox Live security.

573 Comments
Please use a html5 video capable browser to watch videos.
This video has an invalid file format.
00:00:00
Sorry, but you can't access this content!
Please enter your date of birth to view this video

By clicking 'enter', you agree to GameSpot's
Terms of Use and Privacy Policy

A 5-year-old boy managed to circumvent the Xbox One's security and log in to his father's account without entering the correct password.

Reported on the BBC, San Diego child Kristoffer Von Hassel has now been credited as a security researcher by Microsoft. In an alternate universe, the kid probably turned to the dark side, logged into your account, and pumped your life savings into FIFA Ultimate Team card packs.

The exploit, which has already been fixed, was discovered by Kristoffer after entering the wrong password when trying to access his dad's Xbox Live account. By first attempting to log in with an incorrect password, users are taken to a second verification screen, where the child found out that by simply filling up the password field with spaces he would be able to access the account.

5 year old Kristoffer Von Hassel. Image credit: KGTV.
5 year old Kristoffer Von Hassel. Image credit: KGTV.

After besting the multibillion dollar company, the preschooler said to local news station KGTV that he "was like yea!"

After realising what he'd done, however, Kristoffer said he "got nervous. I thought [Dad] was going to find out."

Kristoffer's father, Robert, also works in computer security. Technical wizardry must run in the family.

What did Kristoffer think was going to happen after his father reported the error to Microsoft? "I thought someone was going to steal the Xbox," he said.

For reporting the major security loophole, Microsoft gave the kid four free games, $50, and a 12-month subscription to Xbox Live.

"We're always listening to our customers and thank them for bringing issues to our attention," said Microsoft in a statement. "We take security seriously at Xbox and fixed the issue as soon as we learned about it."

Got a news tip or want to contact us directly? Email news@gamespot.com

Join the conversation
There are 573 comments about this story