DDoS Booter Service Suffers Security Breach

frogboy

In memoriam 1961-2018
Thread author
Verified
Top Poster
Well-known
Jun 9, 2013
6,720
v8wuFJn.png

A dissatisfied customer has breached the server of TrueStresser, a DDoS-for-hire service, pilfered its database, and leaked some of the content online.

While we don't know when the actual hack took place, two files were uploaded on the Hastebin and Pastebin text sharing services last nights, each containing different parts of the stolen TrueStresser data.

Data leaked after a customer support dispute
A first paragraph atop the Pastebin file explains the attacker's motives, revealing the hack took place after one of the TrueStresser admins banned the hacker's account. We quote:

Truestresser database leaked, #####ing scammers thats what happen when you ban people for no reason and you dont know how to manage your site, wtf all php files downloaded when i went to that ##### but hey who cares here is all the info
Besides the short explainer, the Pastebin file also contained:
› API calls for an upstream DDoS service
› Details for 331 user accounts [username, hashed password, email]
› Cleartext passwords for 16 accounts
› A link to the Hastebin file, which the leaker claimed to be TrueStresser's config.php file.
The Hastebin file, in turn, contained database credentials for TrueStresser's control panel, the interface customers use to issue commands to a DDoS botnet and start attacks.

Full Article. DDoS Booter Service Suffers Security Breach
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top