5 Year old who discovered flaw in Xbox Live is rewarded by Microsoft


Every company strives to make its system as secure as possible. It is entirely possible that sometimes any third person can find an exploit and report it (or have some other malicious intention). This is what happened with Microsoft as an exploit in their Xbox Live was reported by the most unlikely of sources.

Kristoffer Von Hassel, a 5 year old boy from Ocean Beach, California discovered a flaw which could allow a person to log-in to a Xbox Live profile without a password. The boy in question was playing “mature” games (which he was not allowed to play) when his dad realized it. His dad, Robert Davies works in computer security himself so he was intrigued as to how his son managed to gain access to his Live account. His son then showed him the “exploit” and it was so simple that any 5 year old could do it!

All Kristoffer did was enter a wrong password for his dad’s account which resulted in the console showing a verification screen. Then he typed a few space keys and hit enter and voila!! He was able to access his father’s Xbox Live Account

On discovering the exploit, his dad said

“Just being five years old and being able to find a vulnerability and latch onto that. I thought that was pretty cool,”

The exploit was reported to Microsoft and they fixed it rather immediately. Kristoffer’s name was also listed on a website dedicated for people who help Microsoft¬† make its services more secure. Besides that, the kid also got four free games, one year of Xbox Live Subscription and a $50 cash prize as a gift for reporting the exploit.

It turned out to be a win-win situation for both the parties involved and Microsoft avoided any bad press as a result of this vulnerability.