A group of hackers who are usually responsible for stealing information had the tables turned on them by a fellow hacker who is threatening to report some of his peers to the United States government if the victims don’t pay a $50,000 ransom.

The victims currently at the whim of the hacker are the users of Basetools.ws, an underground hacking forum where hackers can exchange stolen credit card information, login credentials and tools of the trade.

The attacker gained access to the site earlier this week and appeared to steal the Basetools.ws user database, complete with usernames and other personal information a hacker may have attached to his or her account. The site claims more than 150,000 users and hosts more than 20,000 hacking tools.

To prove he or she means business, the attacker behind the extortion attempt provided some proof to suggest he or she is actually in control of the data as claimed. The evidence included samples of the forum’s database and screenshots showing the site’s administrative panel, as well as the login details.

Basetools.ws has since gone offline in the wake of the ransom attempt and was placed in maintenance mode. Visitors to the site currently see the message “Hi all, Good news we have near to fixed our system what broked our store, we will back online in one day with the best tools around, have patience please.! Thank you.” No part of the site is accessible beyond that.

At this point it is unclear if the ransom has been paid and the site will return to operation or if the ransomer followed through on the threat and provided the database of hackers to the FBI, Department of Homeland Security, Department of Justice and the Department of Treasury. For the time being, it seems as though the solution for the parties remains in limbo.

While the $50,000 demand is sure to be a nice score for the attacker behind the extortion effort, the motivation does not appear to be solely financial. The ransom note left by the hacker also made it clear there was a personal element to the situation and claimed the Basetools.ws admins have been fudging data to financially benefit themselves.

"[Basetools] is manipulating EARNING STATS & RESELLER STATS, Owner of this market has opened a reseller with name RedHat which always stays in First Place," the ransom note said—suggesting the site owner has promoted their own account at the expense of others.

While the hack represents a small number of users compared to other breaches, the situation could have wide-reaching implications. Basetools did possess a number of powerful tools and credentials that could become widely available online. The credentials for servers used to deploy attacks, for example, have reportedly been made available online for anyone to use.

The breach of Basetools also may have revealed stolen user data take from sites and services that are either unaware of the fact they have been hacked or have not yet publicly disclosed it. Either outcome is less than ideal for any user who has login credentials exposed online.