Hacker-for-Hire Service Compromised, Database of Customers Leaked

sAttackers believed to be responsible for knocking offline Sony Playstation and Microsoft Xbox over Christmas have been hacked by kindred spirits.

The attackers, who call themselves “Lizard Squad,” offer their distributed-denial-of-service attack technique to paying customers. And a list of clients was hacked.

Revelations about the compromise come as United States and UK authorities jointly close in on the group. The Lizard Squad also is suspected of “swatting” targets, or dialing 911 about bogus emergency threats to trigger police raids on a targeted individual’s address.

Someone hacked the website the group uses to sell subscriptions to its attacks-for-hire service, a site called LizardStresser[dot]su.

“As I noted in a previous story, the attacks on Microsoft and Sony were merely meant to be commercials for this very “stresser” (a.k.a. “booter”) service, which allows paying customers to knock any website or individual offline for a small fee,” Krebs reports.

A copy of Lizard Squad’s customer database includes more than 14,241 registered users, but only a few hundred appear to have paid for the service.

“Interestingly, all registered usernames and passwords were stored in plain text,” Krebs adds. The database indicates that some customers dished out more than $11,000 worth of bitcoins to fund attacks on thousands of Internet addresses (including Krebs’ address).