The Lizard Squad, an Internet mayhem group, has recently been caught with their proverbial pants down when an attacker compromised the customer database of the group’s recently released distributed denial of service (DDoS) for hire service. The service, the “Lizard Stresser,” allows paying customers to trigger attacks against websites and networks that can knock them off the Internet for seconds or hours.

Lizard Squad is best known for ruining Christmas Day for users of Microsoft Corporation’s Xbox Live and Sony Online Entertainment LLC’s PlayStation Network. The mayhem group announced the release of the Lizard Stresser at the height of their infamy after taking credit for the Christmas Day attacks, which the group also predicted.

Security expert Brian Krebs from the Krebs on Security blog briefly mentioned the customer database compromise in a December article about Lizard Squad’s ineptitude entitled “Lizard Kids: A Long Trail of Fail.” However, on Friday, Krebs revealed that his outfit had obtained a copy of the compromised database and that the Lizard Squad failed to even secure the passwords—instead, the passwords are stored in plain text (i.e. human readable.)

Another Lizard kid (gang that DDoS’d Sony/Xbox) arrested; Lizard Stresser hacked, customer database leaked http://t.co/Whw9TfXDVB

— briankrebs (@briankrebs) January 16, 2015

Krebs says that the DDoS-for-hire tool saw more than 14,241 registered users within a month, however “only a few hundred appear to have funded accounts at the service.”

Further, the database revealed that customers deposited more than $11,000 USD worth of bitcoins and targeted thousands of Internet addresses for attack (including KrebsOnSecurity.com itself.)

There is an apparent juvenile rivalry from Lizard Squad towards Krebs, which is visible in the Lizard Stresser DDoS-for-hire tool. The tool contains several mentions of Krebs including jokes about Krebs’s hairline and includes his e-mail address as a “supporter” of the service.

DDoS-for-hire ordinarily a less-visible black market service sector

Krebs also revealed in December that the Lizard Stresser is a rough copy/paste of another more popular product TitaniumStresser. While Lizard Squad managed to gain notoriety for attacking major gaming services, DDoS-for-hire is already a well known service of the “black market” that is normally not visible to the general public.

NexusGuard gave SiliconAngle an idea of what the DDoS-for-hire market is like and how these sites are built in a previous article. These services build on top of “attack infrastructure,” which Lizard Squad’s tool is known to use compromised routers, and hooks in the copied front end for taking money and directing attacks.

Lizard Squad members being caught, questioned by authorities

After the Christmas Day attacks caught the public’s attention news has been trickling in about possible Lizard Squad members being arrested and/or questioned by international authorities.

In December, reports surfaced that the FBI sought “ryanc” or Ryan, a teen and Finnish resident, in connection to Lizard Squad. Then, shortly thereafter, UK authorities arrested an alleged Lizard Squad member, 22-year-old British citizen Vinnie Omari. Finally, in early January, the South East Regional Organized Crime Unit announced the arrest of an 18-year-old teen who is also speculated to be connected to Lizard Squad.