https://www.nbcbayarea.com/news/tech/23andme-user-data-stolen-shkenazi-jewish-users/3336464/
https://www.washingtonpost.com/technology/2023/10/06/23andme-hacked-data/

A hacker is offering to sell records identifying names, locations and ethnicities of potentially millions of customers of genetic testing company 23andMe, beginning by touting a batch that would contain data of those with Jewish ancestry.

A 23andMe spokeswoman confirmed that the leak contained samples of genuine data and said the company is investigating. She said it appeared likely that the hacker or accomplices used a common technique called credential stuffing: Taking username-and-password combinations published or sold after breaches at other companies, and trying those combinations to see which were reused by 23andMe customers. When the hacker found logins that worked, they copied all the information made available to legitimate users by their relatives, sometimes hundreds of them per account.

The company said it had reported the matter to law enforcement and that this was the first incident of its kind at the firm.

The data does not include genomic details, which are especially sensitive, but does include usernames, regional locations, profile photos, and birth years. The usernames are often something other than full legal names.