Lizard Squad Kept its Hacker-for-Hire Customers' Info in Plain Text

By Adam Clark Estes on at

Somebody hacked the Lizard Squad's super stupid DDoS-for-hire service last week, and guess what? The Lizard Squad sucks at cybersecurity. Not only did the hackers leave their so-called LizardStresser service vulnerable, the money-hungry kids left all their customers' data in plain text and £7,302 in bitcoin on the table.

It's unclear where the money is now, but the customer data is definitely out in the wild. Security expert Brian Krebs obtained a copy of the customer database and showed that the personal details of over 14,000 users is right there in plain sight.

Lizard Squad Kept Its Hacker-for-Hire Customers' Info in Plain Text

Screenshot via Krebs on Security

A few hundred of these customers paid between £4 and £332 in bitcoin for custom-made DDoS attacks for a grand total of  £7,302 in payments. But if the idiot Lizard Squad couldn't keep their own internal data safe, who knows how their bitcoin wallet is holding up.

In a way, this is all good news for the internet and the world. Despite its successful attack on the Playstation and Xbox networks—not to mention an attempt to take down Tor—the Lizard Squad isn't so scary, after all! Around the same time as the attack on LizardStressor, another purported member of the Lizard Squad was arrested. It's starting to look like LulzSec all over again, ironic tweets and all. This brag is from the night before Krebs reported on the LizardStressor hack:

Don't let the door hit you too hard, Lizard Squad. [Krebs on Security via Guardian]