Dan Kendalls' Fluff

Still LastPass don't care about their customers security.

It would be trivial to scan your customers for those whose passwords are weak and/or hashed weakly. Lastpass old customers have pathetically weak hashes.

Kendall explains: If you care about security you do not store passwords directly but some maths on it and store the result so it is harder to reverse. Weak hashes essentially mean you do basic operations and only a limited number of times. This in turn poses a security risk.

Force those customers to re-encrypt with a 16 character password!

Never use LastPass use Bitwarden, independently audited and you can run your own server so if the worst does happen you don't store your passwords on the cloud at all

The cloud is just someone elses computer