between $1,000 and $10,000 for a subset of the data

TechCrunch found that another hacker on a different hacking forum had advertised even more allegedly stolen user data two months before the advertisement that was initially reported by news outlets in October.

In that first advertisement, the hacker claimed to have 300 terabytes of stolen 23andMe user data, and asked for $50 million to sell the whole database, or between $1,000 and $10,000 for a subset of the data.

In response to the data breach, on October 10, 23andMe forced users to reset and change their passwords and encouraged them to turn on multi-factor authentication.