Lizard Squad Kept Its Hacker-for-Hire Customers’ Info In Plain Text

Lizard Squad Kept Its Hacker-for-Hire Customers’ Info In Plain Text

Somebody hacked the Lizard Squad’s super stupid DDoS-for-hire service last week, and guess what? The Lizard Squad sucks at cybersecurity. Not only did the hackers leave their so-called LizardStresser service vulnerable, the money-hungry kids left all their customers’ data in plain text and $US11,000 in bitcoin on the table.

It’s unclear where the money is now, but the customer data is definitely out in the wild. Security expert Brian Krebs obtained a copy of the customer database and showed that the personal details of over 14,000 users is right there in plain sight.

Screenshot via Krebs on Security

A few hundred of these customers paid between $US6 and $US500 in bitcoin for custom-made DDoS attacks for a grand total of $US11,000 in payments. But if the idiot Lizard Squad couldn’t keep their own internal data safe, who knows how their bitcoin wallet is holding up.

In a way, this is all good news for the internet and the world. Despite its successful attack on the Playstation and Xbox networks — not to mention an attempt to take down Tor — the Lizard Squad isn’t so scary, after all! Around the same time as the attack on LizardStressor, another purported member of the Lizard Squad was arrested in the United Kingdom. It’s starting to look like LulzSec all over again, ironic tweets and all. This brag is from the night before Krebs reported on the LizardStressor hack:

Don’t let the door hit you too hard, Lizard Squad. [Krebs on Security via Guardian]