5-year-old uncovers Xbox Live account security flaw

A 5-year-old boy was able to hack into his father's Xbox Live account by falsely entering the password with space keys, 10News reports.

The vulnerability has since been corrected. After booting up an Xbox One, Kristoffer Von Hassel would incorrectly enter his father's password. After it took him to a verification screen, he'd use the space button trick to log on.

Von Hassel's parents discovered the 5-year-old had accessed the account after they found him playing restricted games. The Von Hassels contacted Microsoft, who then rewarded the boy with four games, $50 and a yearlong subscription to Xbox Live. Von Hassel is also listed online as one of the security researches who helped make the company's systems safer.

"We're always listening to our customers and thank them for bringing issues to our attention," Microsoft said in a statement. "We take security seriously at Xbox and fixed the issue as soon as we learned about it."

According to the boy's father, it's the third or fourth time Kristoffer has found the vulnerabilities in security systems. To see how Von Hassel accomplished his hack, check out the video on 10News.

More from Polygon

The horror of Five Nights at Freddy's

  • Dark Souls 2: Crown of the Old Iron King Overview

  • Spacecom: a fast 4X built for multiplayer

  • Pillars of Eternity builds on role-playing classics

  • Tour the 1 KB hard drive built inside Minecraft

Latest Discussions

X
Log In Sign Up

forgot?
Log In Sign Up

Please choose a new Polygon username and password

As part of the new Polygon launch, prior users will need to choose a permanent username, along with a new password.

Your username will be used to login to Polygon going forward.

I already have a Vox Media account!

Verify Vox Media account

Please login to your Vox Media account. This account will be linked to your previously existing Eater account.

Please choose a new Polygon username and password

As part of the new Polygon launch, prior MT authors will need to choose a new username and password.

Your username will be used to login to Polygon going forward.

Forgot password?

We'll email you a reset link.

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Forgot password?

Try another email?

Almost done,

By becoming a registered user, you are also agreeing to our Terms and confirming that you have read our Privacy Policy.
Spinner.vc97ec6e

Authenticating

Great!

Choose an available username to complete sign up.

In order to provide our users with a better overall experience, we ask for more information from Facebook when using it to login so that we can learn more about our audience and provide you with the best possible experience. We do not store specific user data and the sharing of it is not required to login with Facebook.

tracking_pixel_5353_tracker