Lizard Squad, a group of hackers who were arrested after DDoSing Xbox Live and PlayStation Network, have had their DDoS-for-hire service hacked and the entire database of customer information was stolen.
The customer database was stored in plain, unencrypted text. Such information should be encrypted to protect customer’s sensitive information in the case of a breach such as this one. Geek reports this aspect to be “particularly juicy considering how the group chastised Microsoft and Sony for being unprepared for its attacks.”
Before the cyber-attack on LizardStresser, the Lizard Squad tweeted that they had “mad cash flow” from services provided by the group.
Just who has made off with the stolen data is unclear, however, a security researcher by the name of Brian Krebs had a look at the files and was able to confirm that over 14,241 customer usernames and passwords were leaked as a result of their lack of encryption. He also indicated that only a few hundred of the registered users appeared to have funded accounts at the service and that over $11,000 USD worth of the Bitcoin crypto-currency had been used to pay for attacks.
Krebs’ analysis of the hacker group’s infrastructure for launching distributed denial of service (DDoS) attacks indicated that it was composed of “thousands of hacked home Internet routers.”
Customers of the DDoS service paid between $6 and $500 worth of bitcoins for custom-tailored DDoS attacks, according to Gizmodo.
An earlier report here on Immortal News indicates another purported member of the hacking group was arrested in the United Kingdom.
Distributed denial service attacks overload resources with the intent of making the target machine or network inaccessible. Hacked hardware such as personal computers or in the case of Lizard Squad, what Krebs claims are home routers, are used in parallel with one another to overload their target. At times, these attacks can take resources offline and make them inaccessible to their intended users, as was the case with Lizard Squad’s attacks against Xbox and PlayStation’s online gaming services.
While news reports alleged members of LizardSquad have been arrested, the group tweeted their defiance in the face of authorities cracking down on them as they said that “you can’t arrest a lizard” and you “don’t even know what a lizard looks like.”
What are your thoughts on the PlayStation and Xbox hackers getting hacked and arrested?