Lizard Squad, the group that claimed responsibility for hacking Microsoft and Sony, was itself hacked recently.
Lizard Squad had released what the business called LizardStresser, a platform that accepted payments in return for launching denial of service attacks on websites of the payers' choice.
Brian Krebs, of KrebsonSecurity, wrote that LizardStresser was designed to use hacked home computers to help pull off those DDoS attacks.
But Krebs also reported the Lizard Squad didn’t pay enough attention to its own security and that “someone” hacked the group’s website and obtained information on its customers.
“As I noted in a previous story, the attacks on Microsoft and Sony were merely meant to be commercials for this very 'stresser' (a.k.a. 'booter') service, which allows paying customers to knock any Web site or individual offline for a small fee,” Krebs explained. “A copy of the LizardStresser customer database obtained by KrebsOnSecurity shows that it attracted more than 14,241 registered users, but only a few hundred appear to have funded accounts at the service. Interestingly, all registered usernames and passwords were stored in plain text. Also, the database indicates that customers of the service deposited more than USD $11,000 worth of bitcoins to pay for attacks on thousands of Internet addresses and Web sites (including this one).”
ArsTechnica analyzed the data pulled from Lizard Squad’s LizardStressor site and said that “more than half the users launched less than 20 short attacks, with only 30 users launching more than 100.” Most people who tried to use the DDoS attacks from the group seemed to have few technical skills, Ars said.
Krebs reported that police have arrested at least two Lizard Squad members.