The owner seems to be based in EU; so the local data protection laws, at minimum, would require removing user personal info (phone info) at their request, free of charge (not the $1000).
And if I recall correctly, they might even be required to prove that they have opt-in permission from the actual users for storing&processing their personal info (phone numbers) even if they obtain it from a third party such as other websites; they obviously don't have this so they can face fines for improper treatment of personal data.
And if I recall correctly, they might even be required to prove that they have opt-in permission from the actual users for storing&processing their personal info (phone numbers) even if they obtain it from a third party such as other websites; they obviously don't have this so they can face fines for improper treatment of personal data.