Hot on the heels of the news of the recent arrest of an individual possibly tied to script kiddie group, Lizard Squad, comes word that their pay-to-DDoS service was illegally accessed by third party sources.

For those unaware, Lizard Squad tried to be savvy business people after the success of pressing a button or two to bring down PSN, Xbox Live, and send threats to SOE's John Smedley. They set up a site, LizardStressor, that would allow people to coordinate similar attacks and sell subscriptions to its DDoS service. "Unfortunately" for them and their clients, an outside group managed to gain access to the LizardStressor customer database.

Those super leet hackers at Lizard Squad stored all client data in plain text. The database leak revealed more than 14,240 registered users but only a few hundred of those users actually showed any signs of having paid for services. Even more interesting is the fact that the database leak shows that customers deposited "more than than $11,000 (USD) worth of bitcoins to pay for attacks on thousands of Internet addresses and websites."

(via Krebs on Security)