by hakcermani 971 days ago
... can't those old accounts be flagged to require email verification to log in?
2 comments

Most old accounts would probably never try to log in again anyway. After you learn that you're 3/64-ths Irish you've gotten what you wanted, why log in again?

Yeah I know there's the whole genetic disorder screening thing which might receive more updates in the future, but I think most of their customers probably did this for the novelty of knowing where they came from.

Oh, you lost your email account access? Please send a matching DNA sample and $99 to unlock your account.

I mean, 23andme has one of the ultimate methods of account recovery available to it (ignoring that people tend to leave copies of their DNA everywhere, but then you could just mail that in under a John Doe and find out all the same info anyway).

Whatever way you put this, handling the support load of the few customers who can't log in - and by this argument aren't ever logging in anyway - is better than having this degree of PII leaked and the company reputation ruined.

It could be easier and cheaper for some to get someone's hair or saliva than cloning a SIM card...

My point of view here is someone that’s lost their access to 23andme, not using it for SSO for other services.

While I get the social media aspects of 23andme, if one can get your DNA, they could submit that to 23andme and find out everything you already knew.

I wonder how they handle duplicate submissions?

The Facebook way...sign up with email, get instantly restricted, need to verify with a mobile number to unlock.