There are a LOT more laws being broken than simply pocket-change extortion. Unsolicited hacking is illegal and breaks a ton of laws. Despite the hackers' "offer" to resolve the security issues, they are
not so-called "ethical hackers," who are typically professional computer system security experts paid to identify and resolve the weaknesses of a company's network.
Freelance ethical hackers identify the exploit, but then
instead of using it, they simply notify the administrator that, "hey, there's a back door open here."
They
do not alter the content of a site or shut it down, like these nuisances did.