Good point, just added that to my comment as well.

FWIW, 23andme isn’t saying this just out of the blue, but to defend themselves in court from being sued by people who lost their data because of people reusing passwords.

Honestly everyone sucks here. Don’t reuse passwords for anything remotely important. And, don’t allow people to sign in to any remotely-important web service without 2FA. (Edit: And, if you are going to be sloppy protecting your users from having their accounts broken into, don’t give users access to every other relative’s data for no particular reason.)

Passwords aside, I’d never in a million years entrust my DNA information to some random outfit on the internet and assume that good things would happen to it, but that’s just me.