From Gamespot:
5-year-old cracks Xbox One security by discovering simple flaw
A 5-year-old boy managed to circumvent the Xbox One's security and log in to his father's account without entering the correct password.
San Diego child Kristoffer Von Hassel has now been credited as a security researcher by Microsoft. In an alternate universe, the kid probably turned to the dark side, logged into your account, and pumped your life savings into FIFA Ultimate Team card packs.
The exploit, which has already been fixed, was discovered by Kristoffer after entering the wrong password when trying to access his dad's Xbox Live account. By first attempting to log in with an incorrect password, users are taken to a second verification screen, where the child found out that by simply filling up the password field with spaces he would be able to access the account.
MSFT was cool about it:
For reporting the major security loophole, Microsoft gave the kid four free games, $50, and a 12-month subscription to Xbox Live.
That was a major security hole -- pretty amazed that it took a kid to discover it. I would hate to be that developer...