Lizard Squad’s DDoS website hacked, unencrypted customer database stolen

The hacker group that calls itself the “Lizard Squad” has received another serious blow: LizardStresser(dot)su, the website where customers go to rent their DDoS service powered by a botnet of mostly home routers, has been hacked by and its customer database stolen by an unknown attacker.

Brian Krebs managed to get his hands on the database, which revealed that the Lizard Squad didn’t think about keeping that information secure. Usernames and passwords used by the 14,241 registered users were stored in plain text, and could lead law enforcement to their real-world identities.

The database also shows that the Squad has collected over $11,000 in bitcoins from the several hundred users who actually rented the botnet and pointed it towards a wide variety of websites.

The group has received much public attention as well as that of law enforcement in the wake of their DDoS attack that successfully kept the Sony Playstation and Microsoft Xbox networks down for several days over Christmas. These attacks were made to serve as an adverisement for the Lizard Stresser service.

Since then, UK and Finnish law enforcement agencies have rounded up three alleged Lizard Squad members: two in the UK and one in Finland. One of the UK-based ones has been arrested on Friday, and is also accused of having been involved in several swatting attacks and bomb threats aimed at US-based educational institutions.