It seems many of the non-compromised users had signed up for a data sharing feature meaning a lot of their data was visible via the compromised accounts -
https://customercare.23andme.com/hc/en-us/articles/115004659068-DNA-Relatives-The-Genetic-Relative-Basics
That seems to be where the millions comes from. That's what the original tech crunch article suggested anyway.
So there may be a case for them depending on the t&c's they agreed to when sharing with random users on the site anyway..
Biting the hand that feeds IT
