Basetools underground hacking forum breached, hacker demands $50K ransom

Basetools underground hacking forum was breached, hackers demand a $50K ransom to avoid sharing stolen data, including admin identity, with law enforcement.

A hacker that goes online with the Twitter handle mat (@0xScripts) has breached a popular underground hacking forum and he is threatening to share the stolen archive to the law enforcement if the administrators will not pay $50,000.

The forum is Basetools.ws, its members trade any kind of illegal product and service, including stolen payment card data, hacking tools, and stolen account data.

The hacking forum accounts for over 150,000 users, and its listing includes more than 20,000 tools. The hackers published this week a sample of the stolen data online demanding a ransom to the operators of the forum.

The hacker ‘mat’ contacted also Security Affairs to notify the data breach.

Mat is threatening to share data on the forum’s administrator with US law enforcement agencies.

He provided me the evidence of the authenticity of the stolen data, he shared with me and BleepingComputer an image of the Basetools admin panel and an image containing the site admin’s login details and IP address.

“I dumped the tools they were selling, their login credentials for cpanel accounts” Mat @0xScripts told me, he also added the he hacked the forum alone.

“login credentials for shells backdoors spambot etc”

The listing includes:

credentials for RDP servers;
login credentials for shells and backdoors:
login credentials for spambots hosted on compromised websites;
login credentials for server SSH;
dump form several data breaches;

The data breach is very serious and could have significant consequences for cybercrime underground community. The stolen data includes Basetools seller data could be soon leaked online. The above credentials could be leaked online and used by many other threat actors in the wild.

Below another image published by BleepingComputer

At the time I was writing, the basetools underground hacking forum is offline

The hackers told me that he hacked the forum not only for money but also as a retaliation for the fact that its administrator has been manipulating stats.

“He’s not a reseller, basetools is manipulating the stats by putting him in top places everytime and earning stats are manipulated by basetools” the hacker told me.

“Basetools.pw is manipulating EARNING STATS & RESELLER STATS, Owner of this market has opened a reseller with name RedHat which always stays in First Place,” reads the ransom note.

Stay Tuned …

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Basetools.ws underground hacking forum , data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.