Lizard Squad Hacked, Customer Database Compromised

Hacker group Lizard Squad is famous for causing widespread blackouts on Xbox Live and PSN during the 2014 holiday season. However, the group’s own network has now been compromised. According to reports, hackers made their way into Lizard Squad’s servers and stole their entire customer database.

In late 2014, the hacker group threatened to bring down Xbox Live and PSN services during the busy holiday season. They specifically warned users about a blackout, which was planned for Christmas Eve.

Indeed, both Xbox Live and PSN users were frustrated by several blackouts, which occurred numerous times between Thanksgiving and Christmas Eve. However, the group proudly accepted responsibility for the disturbance.

As reported by Newsweek, Lizard Squad initially claimed “they hacked Xbox and PlayStation to prove a point about how flimsy the networks’ security systems were.” They later confessed that the entire fiasco was a ploy to gain attention — and customers.

For a fee, Lizard Squad offered to help users hack into and take down websites via the same methods used to break into Xbox and PlayStation. Essentially, DDoS attacks render machines and networks unusable by overloading them with fake traffic.

GameSpot reports that more than 14,000 people signed up for the unusual service. Unfortunately for Lizard Squad and their customers, the database was kept in a plain text file. As it was easily accessible, and was not encrypted, the usernames and passwords were easily stolen by the hackers.

Computer science student Eric Zhang had an opportunity to view Lizard Squad’s files. Although he did not reveal sensitive details about the customers, Zhang said fewer than 250 users actually “attempted to launch attacks.” Apparently, a majority of the users were gamers who hoped to shut down their opponents’ computers.

Zhang revealed details about the LizardStresser program, and the hack, via his personal website. He said the group did very little to protect their network and their customers’ identities. He further cautions users against paying Lizard Squad for their services or providing personal information to the hacker group.

In addition to being hacked, Lizard Squad members are facing criminal charges. In Britain, 22-year-old Vincent “Vinnie” Omari and 18-year-old Jordie Lee-Bevan were both arrested in connection with the holiday season attacks.

Authorities have also linked Lee-Bevan to an “ISIS enthusiast group” called “ISISGang,” which was responsible for a 2014 bomb threat at Sandy Hook Elementary School.

Although Lizard Squad was hacked and at least two members were arrested, nobody from the group has commented about the situation.

[Image via Hot For Security]