Apparently, Xbox Live wasn’t childproof. After repeatedly breaking into his dad’s Xbox Live account, a five-year-old boy has gotten an official thanks from Microsoft (NASDAQ:MSFT) for the discovery that allowed him to play games on his dad’s Xbox account without permission.
Five-year-old Kristoffer Wilhelm von Hassel plays Xbox games. His parents noticed that the child was playing games that he didn’t have their permission to play. So, they asked him how he was getting into his dad’s account, where he was accessing the prohibited Xbox games. What he showed them revealed a major security flaw in the Xbox Live login procedure that allowed the child to hack into his parent’s account.
The San Diego, California native signed into his dad’s account by giving a bad password. He then typed spaces with the spacebar as the characters on a secondary password verification screen. The system accepted that as a password and let the child into his dad’s Xbox Live account. His dad Robert filmed the child breaking into his Xbox Live account. Rather than getting in trouble, his father, who works in computer security, was so impressed by his son’s discovery of the security flaw that he told the local news.
He then sent his son’s findings to Microsoft to report the security flaw. In response, they received four games, a year of Xbox Live Gold membership, $50, and Kristoffer’s name on Microsoft’s Security Researcher Acknowledgements, listing the child as a Security Researcher.
Kristoffer said he would be famous after seeing his name on the Microsoft page in the local news report. The boy was right. Kristoffer’s grandmother contacted the local ABC affiliate, which ran a short segment on her grandson in the evening news. From the initial report, the story spread worldwide, including a news story on the BBC News website.
Microsoft released a statement related to the incident, which was quoted in both the ABC 10 and BBC News reports on the story. “We’re always listening to our customers and thank them for bringing issues to our attention. We take security seriously at Xbox and fixed the issue as soon as we learned about it,” said Microsoft.
Xbox Live has been hacked in the past. Last year, the Xbox Live accounts of some high-level Microsoft employees were hacked. In May 2012, gaming news website Kotaku ran a story about how Xbox Live users were getting hacked and locked out of their own accounts. In 2011, accounts linked to the FIFA 12 game experienced hacks. Hacks are usually associated with popular game franchises. Microsoft has responded by fixing security holes and encouraging users to report them to the company. (Sony’s PlayStation Network has also experienced similar hacks.)
Microsoft has since fixed the bug that let Kristoffer into his dad’s Xbox Live account. Since the incident, Kristoffer told a local news reporter he wants to be a gamer when he grows up. Perhaps, considering his knack for discovering security flaws, a career in computer security would be another option.