I run a few hidden services and realized that the URL /server-status exposes the IP of most hidden services, including mine. Checking the markets in the sidebar (that are online now), one of them has this page enabled, Majestic Garden/TMG (but unlike most others, it doesn't leak any IPs). Here is an example of a hidden service that leaks its IPs on that page: http://lkzrfpop7hhszdqp.onion/server-status
There is a simple fix: https://httpd.apache.org/docs/2.2/mod/mod_status.html and I think hidden service and darknetmarket operators need to be aware that this page is enabled by default and needs to be disabled to protect the IP address of your Apache server.
Another discussion about this and how I realized my server was leaking its IP is here: https://www.reddit.com/r/onions/comments/2s2i11/ok_to_post_real_ips_of_insecure_hidden_services/
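An added example, not part of the original post: a small audit an operator can run over their own Apache configuration text to find `server-status` handlers that loopback clients can reach. It assumes the usual hidden-service layout in which the Tor daemon forwards requests to Apache on 127.0.0.1, so a loopback-only restriction does not keep onion visitors out. The sample configs and function names are constructed for illustration.

```python
import re

# Constructed sample configs in Apache 2.2 syntax (not from any real server).
WEAK_CONF = """
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1 ::1
</Location>
"""
FIXED_CONF = """
# Handler denied to everyone; unloading mod_status entirely is the other option.
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
</Location>
"""
LOCATION_RE = re.compile(r"<Location\s+([^>]+)>(.*?)</Location>", re.S | re.I)
LOOPBACK = ("127.", "::1", "localhost")

def admits_loopback(tokens):
    """True if one lower-cased access directive lets a loopback client in."""
    if tokens[:2] == ["allow", "from"]:
        return any(a == "all" or a.startswith(LOOPBACK) for a in tokens[2:])
    if tokens[:1] == ["require"]:
        args = tokens[1:]
        return (args[:1] == ["local"] or args[:2] == ["all", "granted"]
                or (args[:1] == ["ip"] and any(a.startswith(LOOPBACK) for a in args[1:])))
    return False

def audit_status_exposure(conf_text):
    """Return (path, reason) for each server-status handler loopback can reach.
    Heuristic: Order precedence is not evaluated, so treat hits as review items."""
    lines = [l for l in conf_text.splitlines() if not l.lstrip().startswith("#")]
    findings = []
    for path, body in LOCATION_RE.findall("\n".join(lines)):
        directives = [l.lower().split() for l in body.splitlines() if l.strip()]
        if ["sethandler", "server-status"] not in directives:
            continue
        access = [d for d in directives if d[0] in ("allow", "deny", "require", "order")]
        if not access:
            findings.append((path.strip(), "no access control"))
        elif any(admits_loopback(d) for d in access):
            findings.append((path.strip(), "loopback clients allowed"))
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("fixed", FIXED_CONF)):
        print(name, audit_status_exposure(conf))
```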
don't take this the wrong way - but if you run a hidden service and have mod_status enabled then you really shouldn't be running a hidden service.
hire somebody who understands the hidden service threat model and can set up and administer a stack for you.
the answer to your question is that it is highly unlikely that Onymous relied on status pages to uncover all of those hidden services, as that would have been something that would have been noticed a lot earlier.
every security scanner in the world checks server-status and similar URLs