Hacker Wants $50K From Hacker Forum or He'll Share Stolen Database With the Feds

LASER_oneXM

Extortion can also be funny when it happens to the bad guys, and there's one extortion attempt going on right now that will put a big smile on your face.

The victim is Basetools.ws, an underground hacking forum that allows users to trade stolen credit card information, profile data, and spamming tools. The site boasts over 150,000 users and over 20,000 tools listed in its forums.

Earlier this week, on Tuesday, an anonymous user appears to have breached the site, and uploaded samples of its database online, along with a ransom demand.

The attacker is asking for $50,000 or he'll share data on the site's administrator with US authorities, such as the FBI, DHS, DOJ, and the DOT (Department of Treasury).

To prove the validity of his claims, the hacker shared an image of the Basetools admin panel and an image containing the site admin's login details and IP address.

In addition, the hacker also dumped tools that Basetools users were selling on the site, such as login credentials for C-Panel accounts; login credentials for shells, backdoors, and spambots hosted on hacked sites; credentials for RDP servers; server SSH credentials; user data leaked from various breaches at legitimate sites; and many more.

Lots of sensitive data leaked online
Despite the "small potatoes" feel that you get when reading about a breach at a hackers' forum, this security incident is quite notable.

All the Basetools seller data that was supposedly being sold on the forums before the hack is now online and easily accessible to anyone. This means that credentials for thousands of servers are now within easy reach of anyone who knows where to look for them.

Other hackers could take over these servers and deploy them in spam, malware hosting, or other malicious campaigns. The owners of these services will need to be notified so they can change credentials and clean up affected systems.

Furthermore, Katz has also identified user data that appears to come from services that have not previously announced they suffered a data breach. These services will also need to be notified so they can investigate any potential breaches, and reset passwords for affected accounts.

Katz is currently processing the leaked data and intends to reach out to some of the affected parties.
 

Lightning_Brian

Well, that is one way to stop these hackers - hack them back! I'm all about stopping the hackers! Don't quite agree about the "blackmail" (ish) portion though... requesting $50,000. Maybe I'm too honest or wanting to go the extra mile - I would report it to the FEDS on site!

The companies who have their information stolen and/or breached... golly! Not good at all... I feel bad for them! I hope they request assistance from security firms and conduct internal/external audits fast!
 
