As breaches go, this one is pretty disturbing. Not just for the sensitivity of the stolen data, but also because of the poor disclosure practises followed by LastPass
This is why I don’t use cloud services to manage my banking passwords (I use KeePass, and I store the database in a git repo, so I can see the change histories when syncing between devices). I still use Chrome to manage all other passwords though – hopefully the combination of Google’s security practices and 2FA will keep all the other accounts that I care about secure.
I just saw in this thread that you used to be a LastPass user. Were you able to ask them to delete all of your passwords when you switched?
Unfortunately, I didn’t delete my account when I switched, so my vault was still on their systems. While I have a five-word passphrase, so not immediately worried about the entire vault being brute-forced, the plaintext URL storage does give me a bit of discomfort.
I’ve terminated my account now, although that particular horse has already bolted