DDoS Booter Service Suffers Security Breach

frogboy

Level 75
Trusted
Joined
Jun 9, 2013
Messages
6,496
OS
Windows 10
Antivirus
Emsisoft
#1

A dissatisfied customer has breached the server of TrueStresser, a DDoS-for-hire service, pilfered its database, and leaked some of the content online.

While we don't know when the actual hack took place, two files were uploaded on the Hastebin and Pastebin text sharing services last nights, each containing different parts of the stolen TrueStresser data.

Data leaked after a customer support dispute
A first paragraph atop the Pastebin file explains the attacker's motives, revealing the hack took place after one of the TrueStresser admins banned the hacker's account. We quote:

Truestresser database leaked, fucking scammers thats what happen when you ban people for no reason and you dont know how to manage your site, wtf all php files downloaded when i went to that [edited] but hey who cares here is all the info
Besides the short explainer, the Pastebin file also contained:
› API calls for an upstream DDoS service
› Details for 331 user accounts [username, hashed password, email]
› Cleartext passwords for 16 accounts
› A link to the Hastebin file, which the leaker claimed to be TrueStresser's config.php file.
The Hastebin file, in turn, contained database credentials for TrueStresser's control panel, the interface customers use to issue commands to a DDoS botnet and start attacks.

Full Article. DDoS Booter Service Suffers Security Breach