Lizard Squad, the hacker group that took down Xbox Live and the PlayStation Network on Christmas Day and then tried to cash in on its fame by selling the distributed denial-of-service service they used in the attacks, has received a dose of its own medicine... by getting hacked.
Online security researcher Brian Krebs claims to have accessed a customer database for LizardStresser, the tool that the hacking collective claims allows you to launch DDoS attacks on any website or internet service of your choice -- he had earlier claimed that the attacks are mostly powered by thousands of hacked home Internet routers.
“A copy of the LizardStresser customer database obtained by KrebsOnSecurity shows that it attracted more than 14,241 registered users, but only a few hundred appear to have funded accounts at the service,” Krebs said in a blog post, adding that paying customers handed over more than $11,000 in bitcoins to the group.
Krebs also noted that all registered usernames and passwords were stored in plain text, which is ironic given that the hacking group had said that the Christmas Day attacks were carried out to demonstrate poor security on Sony's and Microsoft's part.
This is the second major setback for Lizard Squad in a week, after UK’s South East Regional Organized Crime Unit (SEROCU) arrested an 18-year-old last Friday in connection with the Playstation and Xbox attacks. Two other members of the hacking group have also been rounded up by police since the initial attacks.
For those who are not in the know, this is the same group that took the responsibility for Blizzard and PlayStation Network outages last August, saying that the action wouldn't stop until the US ceased attacks on the Islamic State (also known as ISIS or ISIL).