23andMe has confirmed to BleepingComputer that it is aware of user data from its platform circulating¬†on hacker forums and attributes the leak to a credential-stuffing attack. […]

from https://www.bleepingcomputer.com/news/security/genetics-firm-23andme-says-user-data-stolen-in-credential-stuffing-attack/