A 5-year-old boy from San Diego got a sweet deal from Microsoft in return for discovering a major security hole.
The company gave Kristoffer Von Hassel four free games, $50, and a one-year subscription to Xbox Live. He was able to gain access to his dad’s account by entering the wrong password into the login screen, then filling up the password field by pressing the space bar on a second password verification screen. His dad, Robert, is a security expert and sent details of the loophole to Microsoft.
Microsoft said in a statement, “We’re always listening to our customers and thank them for bringing issues to our attention.”
“We take security seriously at Xbox and fixed the issue as soon as we learned about it.”
Microsoft has bounty programs set up to reward those who discover security issues with its services. Nothing as official exists for Xbox, but it is clear from this example that it’s willing to reward people for finding and reporting issues with Xbox services.
Besides his gifts from Microsoft, young Kristoffer now has his name on a page dedicated to thanking people who have discovered problems with Microsoft products. The whole situation turned out much better than the boy was expecting. “I got nervous. I thought he was going to find out,” he told local television station KGTV, referring to his dad. “I thought someone was going to steal the Xbox.”
Register for GamesBeat's upcoming event: Driving Game Growth & Into the Metaverse