I don’t think you are reading this correctly. People could access (most importantly) the full raw DNA profile. And many of those breached were from people who opted in a “Relatives” feature even if their account was secure.
23andMe uses a SNP array, or SNP chip, to look at SNPs (single-nucleotide polymorphisms, or more generally, single nucleotides that vary within a population). Basically what it gives you is a diff against a reference genome. So yes, while not a full genome sequence you can still get a VCF file out of it, impute sites that are not on the chip, use it for genealogy analysis, look at someone's disease carrier status, genetic disease likelihood, etc.
Yeah, I mean this is about 1 million SNPs, right? It's very very personal indeed. I could make good guesses at the chance of you going to university; your height; your risk of depression; what you look like....
I don't see where in the article is suggests that the attackers were able to obtain the raw genotype data of anyone other than the compromised account.
The pics of the offer and pricing suggests uniform DNA info rather than names or passwords for some and raw DNA profiles for others. Also this from the article:
“ The compromised accounts had opted into the platform's 'DNA Relatives' feature, which allows users to find genetic relatives and connect with them.
The threat actor accessed a small number of 23andMe accounts and then scraped the data of their DNA Relative matches, which shows how opting into a feature can have unexpected privacy consequences.”
https://customercare.23andme.com/hc/en-us/articles/227968028...