The hackers initially got access to around 14,000 accounts using previously compromised login credentials, but they then used a feature of 23andMe to gain access to almost half of the company's user base, or about 7 million accounts
Is there more to the breach than just stolen passwords? What feature did they use and what access did they gain?
I recall from previous coverage of this that there is a social network feature in the site where you can voluntarily share your info with friends and family.
So 14,000 accounts got accessed via reused passwords and then that gave them access to 7 million people's data because they chose previously to share info with those 14,000.