2. You are still in a way better position, having used a password manager, then you would have been if you just reused passwords or used some predictable scheme for them. This is NOT some kind of proof that password managers (even cloud password managers) are inherently a bad idea. The alternatives are worse.

3. Your passwords are now almost certainly crackable, particularly if you've had an account for a long time. It looks like LastPass has never upgraded the difficulty factor on their KDF, which is very bad. But "crackable" is not the same as "cracked". It is eminently possible to crack a password in a couple of days, but *each* password is going to take at least a few hours on some very high-end hardware; attackers will need to be motivated.

4. Don't panic. Find your highest-priority passwords, reset a few (the top 10, let's say) with your new password manager. But then, set a recurring task for yourself to reset 1 password every few days. Maybe for the short term make it 1 every day. But don't freak out and ruin your holiday resetting hundreds of passwords. It takes a distressing amount of time, and unless you're a really high-value target you're not going to be first on the list to get hacked.

5. Panic a *little* bit. Right now, today, you're at relatively low risk of having all your accounts compromised. In 6 months, you're going to be at very high risk. The data's out there, and attackers will be sifting through it. Take that recurring task seriously. Stick to it, and keep rotating credentials. Once you're through the backlog of this pile of LastPass stuff, keep doing it as basic infosec hygiene. Passwords should not last forever.