5-year-old uncovers Xbox Live account security flaw

A 5-year-old boy was able to get into his father's Xbox Live account by entering an incorrect password and then typing spaces, 10News reports.

The vulnerability has since been corrected. After booting up an Xbox One, Kristoffer Von Hassel would incorrectly enter his father's password. After it took him to a verification screen, he'd use the space button trick to log on.

Von Hassel's parents discovered the 5-year-old had accessed the account after they found him playing restricted games. The Von Hassels contacted Microsoft, which then rewarded the boy with four games, $50 and a yearlong subscription to Xbox Live. Von Hassel is also listed online as one of the security researchers who helped make the company's systems safer.

"We're always listening to our customers and thank them for bringing issues to our attention," Microsoft said in a statement. "We take security seriously at Xbox and fixed the issue as soon as we learned about it."

According to the boy's father, it's the third or fourth time Kristoffer has found vulnerabilities in security systems. To see how Von Hassel accomplished his hack, check out the video on 10News.
