Uh, I initially dismissed this as a basic attack on credential stuffing. But...
> However, in this case, the cybercriminal sells a very large number of 23andMe profiles, which is unlikely to have been compromised directly using the aforementioned method.
> The firm’s spokesperson explained to RestorePrivacy that this is due to an optional feature that interconnects relatives and DNA matches on the platform, which was active on all the compromised accounts. This led to the magnification of the impact from a few breached accounts to the massive numbers we see on the forum post.
Also, previous discussion: "23andMe says user data stolen in credential stuffing attack" (292 comments) - https://news.ycombinator.com/item?id=37794379
For $1-$10 per record. Considering the amount of drama made over the protection of personal medical data, perhaps this should give people pause.
The market value of your combined PII and genome is about a cup of coffee. There's not really any market confidence that this can turbocharge advertising, let insurers fleece you, etc etc etc. It's basically as valuable as your email spammers use to send Viagra ads.