A five-year-old boy from San Diego discovered a major security flaw in Microsoft's Xbox Live service that allowed him to sign into his dad's account without knowing his password, the BBC reports.

Kristoffer Von Hassel realised that he could bypass the Xbox One's security and log in to his dad's account simply by entering an incorrect password and filling the password verification screen with spaces.

"I was like yea!" Kristoffer told ABC 10 News, adding that he "got nervous" when he thought his father - who works for a computer security firm himself - would find out.

Microsoft is since said to have fixed the flaw.

"We're always listening to our customers and thank them for bringing issues to our attention," Microsoft said in a statement. "We take security seriously at Xbox and fixed the issue as soon as we learned about it."

To reward him for his discovery, Microsoft provided Kristoffer with four free games, $50 and a year's subscription to Xbox Live Gold.

Source: bbc.co.uk, 10news.com