5-year-old hacks Xbox, becomes Microsoft 'security researcher'

The boy got in via a glitch in the password verification screen

A 5-year-old San Diego boy has been commended by Microsoft for his security skills after finding a vulnerability in the company's Xbox games console.

Kristoffer Von Hasssel's parents noticed earlier this year that he was logged into his father's Xbox Live account and playing games he was not supposed to.

He hadn't stolen his father's password. Instead, he stumbled upon a very basic vulnerability that Microsoft is said to have now fixed.

After typing an incorrect password, Kristoffer was taken to a password verification screen. There, he simply tapped the space bar a few times, hit "enter" and was let into his father's account.

The password allowed him to access not only the games but everything else on the Xbox, including a non-age-restricted YouTube account, his father, Robert Davies, said by telephone Friday.

"I was like, 'Wow, that's so cool,'" Davies said.

Despite some who insist that Kristoffer must have had help, Davies said his son indeed accessed the Xbox account on his own.

Perhaps it was in his genes: Davies is a security engineer at the San Diego offices of ServiceNow, an enterprise IT cloud services company.

Davies reported the bug to Microsoft, which fixed it right away.

Kristoffer's name is now listed among Microsoft's March list of security researchers who have disclosed vulnerabilities in its products.

"We're always listening to our customers and thank them for bringing issues to our attention," Microsoft was quoted as saying in the report.

Kristoffer received a reward of US$50, a year's subscription to Xbox Live and four games, his father said.

That's a bit less than some other bug finders receive. Microsoft launched several new bounty programs of its own last year, including one that pays up to $100,000 for "truly novel exploitation techniques."

The story was first reported by an ABC News affiliate.

Zach Miners covers social networking, search and general technology news for IDG News Service. Follow Zach on Twitter at @zachminers. Zach's e-mail address is zach_miners@idg.com

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags Internet-based applications and servicesGame platformsMicrosoftsecuritydata breachgamesonline servicesinternetdata protectiongame software

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Zach Miners

IDG News Service
Show Comments

Most Popular Reviews

Deals on Good Gear Guide

Deals on Good Gear Guide


Latest News Articles


GGG Evaluation Team

Kathy Cassidy


First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni


For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell


The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi


The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott


My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.


Latest Jobs


Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?