Data was on sale from a user named "GoldApple" who claimed to have databases from 27 states and was selling them all for just $100. The mysterious seller claimed to have "voter IDs, full names, physical addresses, dates of birth, genders, phone numbers, citizen status".
More than one hundred million voters were listed, with the largest cache of information being from New York, with 15million, and Florida, 12.5million. Voter security has come under fresh scrutiny as Donald Trump continues to claim, without evidence, that the 2020 election was "rigged" against him. Cyber security experts however assured The US Sun that it is very unlikely - if not impossible - to use this data for the fraud being alleged by Trump.
Hackers may have broken into databases or cracked stolen devices to scoop up poorly-secured voter information - then matched it with other data online to create a neat package. Experts explained this data is likely to be used by troublemakers seeking to influence voters with targeted propaganda.
Ivan Righi, a cyber threat intelligence analyst for the firm, said such data could be used to spread misinformation or propaganda to to try and influence elections.
He told The US Sun: "Threat actors could use this data while conducting criminal activities, such as delivering targeted social engineering attacks, such as phishing, vishing, or smishing. "It is also realistically possible that this data could be used for other malicious purposes, such as harassment or stalking."
He added while voter databases can often be obtained legimately from state authorities, criminals may often steal and sell the database - sometimes exposing it for free. However, he assured its "unlikely" that such a database could be used to commit voter fraud as the information required to request a ballot is much more private.
Russia and Iran are previously known to have used stolen personal information combined with voter records to sow unrest leading up to the 2020 election. Databases of personal information remain one of the top items for sale by criminals on the dark web.
The dark web is a layer of the internet which can only be accessed by certain secretive browsers and is a haven for crooks and abusers. It has become a major problem for law enforcement as it is extremely difficult to track down who is on the other end of the screen. And the revelation follows a massive cyber attack in which hackers stole data from federal agencies - in a swoop believed to have been orchestrated by Russia.
Theresa Payton, the first female chief intelligence officer at the White House, CEO of Fortalice Solutions, told The US Sun it was "difficult" to use this information for election fraud. She explained: "That bulk sale of easy to use information could be used to target companies, government organizations, and individuals through convincing spear phishing and social engineering campaigns.
"It could be possible to try to commit fraud using this information but it would be hard to pull off at scale. Sadly, it is very likely that some of the data is legitimate." She added: "The data on the dark web for sale is very likely data stolen in past historical hacks matched to publicly available data."
Ms Payton said the sheer volume of information found by The US Sun on the dark web was "very concerning" - but added sadly it is "very common". She added: "Not much can be done to stop the information flow of US voter data unless a new way of registering voters and sharing information is reimagined. Perhaps, now is the time."
Cyber security firm Digital Shadows revealed to The US Sun they had also been tracking "GoldApple" who they found had more than 1,600 listings on various dark web marketplaces. Russia and Iran have both been accused of using such information to meddle in US elections.
In on example, Democrats received emails that were mocked up to look like they came from pro-Trump white nationalist group the Proud Boys. They demanded the registered blue voters flip to Trump, and it came just weeks after the President's "stand back and stand by" comments on the debate stage.
Dr Tim Stevens, the head of the Cyber Security Research Group at King's College London, told The US Sun this type information can likely be used for "stirring up trouble" in elections - citing the Iran case. "If it is cross matching data, that is pretty powerful information. We have been talking for years about if you join the dots you can develop quite sophisticated profiles of people," he warned, but said its unclear if that is the case with this data.
The expert said marketing companies and intelligence agencies could make use this information potentially for "political microtargeting" to sway votes - especially if they can snap up large bundles of data.
Dr Stevens added: "We don't need a wake-up call for the public, and we have had wake-up calls for government and industry - they have to be the ones to fix this." Dr Mostafa Tajdini, from the school of computer at Staffordshire University, told The US Sun "every hour" data gets leaked and ends up on the dark web - with half a million people's information being exposed in November alone.
"This data could be used to run phishing attacks on people," he said.
Edward Garb, a cybersecurity analyst at Atlas VPN, added data leaks are increasing due to a surge in remote working amid the pandemic - with 36billion files being exposed in 2020. President Trump continues to claim an elaborate, massive, multi-state conspiracy was executed against him to "steal" the election - despite Joe Biden being confirmed by the electoral college.
Trump and his team have so far offered no evidence, and have not yet won any meaningful court battles to overturn the results. Addressing President Trump's refusal to concede or accept the vote of the 2020 election, Mr Biden said: "The Trump campaign brought dozens and dozens of legal challenges."
"They were heard again and again. And each of the times they were heard they were found to be without merit." Mr Biden's victory saw him take 81,282,376 votes compared to Trump's 74,222,576 in the popular vote, and 306 electoral college votes to 232.
The victory was declared by major television networks on November 7, but has still not been acknowledged by Trump. Just days before the college met, Trump tweeted: "MOST CORRUPT ELECTION IN U.S. HISTORY."
His most die-hard fans and closest allies also continue to back his claims, with Trump insisting his election challenges are "not over".