5 year old Kristoffer Von Hassel figured out that he could log into his dad's Xbox Live account without a password by entering spaces into a second password verification screen after entering the wrong password at the login screen. Kristoffer's father notified Microsoft, and they've now listed Kristoffer as a "security researcher" on their website. He's also received four games, fifty bucks, and a year of Xbox Live.
UPDATE: Experts at Errata Security are quick to point out that this report is full of misleading information. For one thing, much of the reporting is done from Moscow, over 1000 miles away (thus making concerns of physical location less conclusive). Secondly, much of the malicious software in question would have to be willingly downloaded and installed. Though many Russian-based Olympics sites may be questionable, it has nothing to do with Sochi itself.