The “hacker” gained access with a valid username and password gained from a completely unrelated leak because users were reusing passwords, logging in using a botnet & VPN to spread them out so they looked legit to 23andme. They then “hacked” the user data by going into the opt-in feature of the site that specifically you have to agree to share your data with any person they believe to be related to you, and read what it said.
So about as much as I hacked my school principals emails as a kid by reading the password of a teacher on a post-it note and opening their email client to see what messages the principal had sent them.
The “hacker” gained access with a valid username and password gained from a completely unrelated leak because users were reusing passwords, logging in using a botnet & VPN to spread them out so they looked legit to 23andme. They then “hacked” the user data by going into the opt-in feature of the site that specifically you have to agree to share your data with any person they believe to be related to you, and read what it said.
So about as much as I hacked my school principals emails as a kid by reading the password of a teacher on a post-it note and opening their email client to see what messages the principal had sent them.