If you conceive a fire, you better prepare yourself to stray away from its flames. Maybe LizardSquad failed to learn this elementary lesson and underestimated the consequences that a rising popularity brings along.
LizardSquad, the hacker group that earned its fame from Playstation and XBox web portals hack, last month mentioned the intentions behind its notorious activities saying that it just wanted to catch a little attention for its tool dubbed “Lizard Stresser”.
Lizard Stresser is a tool developed by Lizard Squad which holds the potential to execute similar DDoS attacks that the group made on PlayStation and Xbox websites. Now reports have surfaced that the tool that was supposed to hack other websites, has fallen prey to a powerful attack, revealing all of the customer’s information who registered themselves to get access to the tool. Well, Lizard Squad isn’t the only player in this arena, that’s evident.
A copy of the Lizard Stresser customer database obtained by KrebsOnSecurity says that it has more than 14,241 registered users during its first month of operation. Krebs also notes that the entire database was ironically stored in plain text, thus exposing usernames and passwords of LizardSquad’s entire customer database.
Another Lizard kid (gang that DDoS'd Sony/Xbox) arrested; Lizard Stresser hacked, customer database leaked http://t.co/Whw9TfXDVB
— briankrebs (@briankrebs) January 16, 2015
It has been further identified that LizardStresser, the tool which this novice hacker group was using, has been taken as-it-is from TitaniumStresser’s source files.
The registered clients are now under a potential threat as much as the sites they paid to take down. Their identities are not a secret anymore (until and unless passwords have been changed).
IMAGE : FLICKR / CC 2.0 / Merrill College of Journalism