Upon reading this you may think that this couldn’t happen, but in an interview with KGTV Station, 5 year old Kristoffer Von Hassell explained how he was able to access his father’s account on his Xbox One and make purchases without knowing his password.
Whilst playing around the 5 year old inputted the incorrect password during the log-in process. This then prompted a second verification screen and instead of selecting any potential password, he simply enter the space bar. This allowed Kristoffer access to his father’s account.
Robert, the father, passed this information on to Microsoft who immediately resolved the issue. Since then Microsoft have thanked Kristoffer by not only including his name in a list of security researchers that are thanked for their contribution to Microsoft, but he also received four free games, $50 and a year long subscription to Xbox Live. Something tells me there may be a job opening for this bright spark in the near future.
Microsoft have yet to comment on whether anyone else has exploited this flaw within the Xbox One.