Hackers reveal that customers recycle passwords

Jan 24, 2015 09:28 GMT

A database with plain text credentials for Lizard Stresser, the distributed denial-of-service (DDoS) attack service provided by Lizard Squad hackers, leaked last week, but someone speaking for the group said that the list was actually leaked intentionally by a member.

The list was obtained by security blogger Brian Krebs, who said that someone hacked the website hosting the service and extracted the information.

Lizard Squad does not care too much about protecting customer details

The spokesperson, whose name was not disclosed but who received a description from Forbes pointing to a Finnish individual using the alias Ryan Cleary, said that a crew member actually handed the Lizard Stresser customer information to Krebs.

It is unclear why a Lizard Squad member would do this, especially since the feud between the two parties is not a secret.

However, the spokesperson said that the rest of the hacker group have a pretty good idea about who was behind the leak.

As for the data being stored in plain text, the answer was simple: “It’s not like we’re Amazon,” implying that they have nothing to lose if the log-in credentials of customers make it into the public domain; after all, they are not used for legitimate purposes and no consequences would follow.

It appears that the database, now available online, contained “some interesting people,” some of them being well known on Twitter as well as in the gaming community. This should not come as a surprise since gamers often resort to DDoS to attack different gaming networks.

Service advises use of unique passwords

According to the one speaking for the group, most of the users on the list recycled their passwords for other online accounts, allowing the hackers easy access to their profiles.

A fair warning about using a unique password is shown upon logging into the service: “Change your passwords everywhere if you used this service.”

The power of Lizard Stresser is drawn from thousands of poorly protected routers whose administration consoles are still guarded only by the default manufacturer credentials.

Although the hacker group was known in the security industry, it rose to fame before Christmas 2014 when it announced that it would launch a crippling attack on the Sony PlayStation and Microsoft Xbox Live gaming networks on Christmas Day; and it kept its word.

Functionality of the two networks was regained only when Kim Dotcom offered the group 3,000 vouchers for his file storage service, Mega. If the hackers left PSN and Xbox Live alone, the vouchers, each worth $99 / €88, would be converted to lifetime ones; otherwise they would be revoked. The group is currently selling the vouchers at a third of their value.