I don't see where in the article is suggests that the attackers were able to obtain the raw genotype data of anyone other than the compromised account.
The pics of the offer and pricing suggests uniform DNA info rather than names or passwords for some and raw DNA profiles for others. Also this from the article:
“ The compromised accounts had opted into the platform's 'DNA Relatives' feature, which allows users to find genetic relatives and connect with them.
The threat actor accessed a small number of 23andMe accounts and then scraped the data of their DNA Relative matches, which shows how opting into a feature can have unexpected privacy consequences.”
“ The compromised accounts had opted into the platform's 'DNA Relatives' feature, which allows users to find genetic relatives and connect with them.
The threat actor accessed a small number of 23andMe accounts and then scraped the data of their DNA Relative matches, which shows how opting into a feature can have unexpected privacy consequences.”
Edit: maybe you are right about the lack of genetic info, if this account is correct (unless the researcher didn’t pay full price, and only got the metadata): https://therecord.media/scraping-incident-genetic-testing-si...