5-year-old cracks Xbox One security by discovering simple flaw

Microsoft sends Kristoffer Von Hassel, aged five, four free games, $50, and a year of Xbox Live Gold after he reports how he managed to break Xbox Live security.

By on

573 Comments
Click To Unmute
GS News Update: 5-year-old discovers security flaw in Xbox One
  1. 14 Things I Wish I Knew Before Playing Diablo 4
  2. Vampire: The Masquerade - Justice | Announcement Trailer | Meta Quest 2 + 3 + Pro
  3. PowerWash Simulator VR | Announcement Trailer | Meta Quest 2 + 3 + Pro
  4. Stranger Things VR | Gameplay Trailer | Meta Quest 2 + 3 + Pro
  5. 7th Guest VR | Announcement Trailer | Meta Quest 2 + 3 + Pro
  6. Ghostbusters: Rise of the Ghost Lord | Story Trailer | Meta Quest 2 + 3 + Pro
  7. Attack on Titan VR: Unbreakable | First Concept Trailer | Meta Quest 2 + 3 + Pro
  8. Bulletstorm | Announcement Trailer | Meta Quest 2 + 3 + Pro
  9. Samba de Amigo | Get Ready to Shake It With Amigo & Friends in VR | Full Meta Quest Trailer
  10. The Expanse: A Telltale Series Story Trailer
  11. Etrian Odyssey Origins Collection - Launch Trailer
  12. Layers of Fear - Editions Reveal Trailer

Want us to remember this setting for all your devices?

Sign up or Sign in now!

Please use a html5 video capable browser to watch videos.
This video has an invalid file format.
00:00:00
Sorry, but you can't access this content!
Please enter your date of birth to view this video

By clicking 'enter', you agree to GameSpot's
Terms of Use and Privacy Policy

A 5-year-old boy managed to circumvent the Xbox One's security and log in to his father's account without entering the correct password.

Reported on the BBC, San Diego child Kristoffer Von Hassel has now been credited as a security researcher by Microsoft. In an alternate universe, the kid probably turned to the dark side, logged into your account, and pumped your life savings into FIFA Ultimate Team card packs.

The exploit, which has already been fixed, was discovered by Kristoffer after entering the wrong password when trying to access his dad's Xbox Live account. By first attempting to log in with an incorrect password, users are taken to a second verification screen, where the child found out that by simply filling up the password field with spaces he would be able to access the account.

5 year old Kristoffer Von Hassel. Image credit: KGTV.
5 year old Kristoffer Von Hassel. Image credit: KGTV.

After besting the multibillion dollar company, the preschooler said to local news station KGTV that he "was like yea!"

After realising what he'd done, however, Kristoffer said he "got nervous. I thought [Dad] was going to find out."

Kristoffer's father, Robert, also works in computer security. Technical wizardry must run in the family.

What did Kristoffer think was going to happen after his father reported the error to Microsoft? "I thought someone was going to steal the Xbox," he said.

For reporting the major security loophole, Microsoft gave the kid four free games, $50, and a 12-month subscription to Xbox Live.

"We're always listening to our customers and thank them for bringing issues to our attention," said Microsoft in a statement. "We take security seriously at Xbox and fixed the issue as soon as we learned about it."

The products discussed here were independently chosen by our editors. GameSpot may get a share of the revenue if you buy anything featured on our site.

Got a news tip or want to contact us directly? Email news@gamespot.com

Xbox One
Join the conversation
There are 573 comments about this story
Load Comments (573)