There are a LOT more laws being broken than simply pocket-change extortion. Unsolicited hacking is illegal and breaks a ton of laws. Despite the hackers' "offer" to resolve the security issues, they are not so-called "ethical hackers," who are typically professional computer system security experts paid to identify and resolve the weaknesses of a company's network.
Freelance ethical hackers identify the exploit, but then instead of using it, they simply notify the administrator that, "hey, there's a back door open here."
They do not alter the content of a site or shut it down, like these nuisances did.
Never mind. I tried to access the site earlier this evening at my gym and I could not get on. Every time I clicked on a link to go to the forum, it kept asking me to input username and password. I just logged out now and was not able to replicate the same result. So, I guess problem is solved.
There is one thing I noticed, though. After I logged out, I went back into the forum and it showed me logged in again. I had to delete the evc cookies to be logged out completely. Probably nothing, though.
Added by edit.
Percy, I really hope you report this. You can't continue being your nice and forgiving self. If it were up to me, I'd stick a red hot iron poker up their asses.