[omouse]

I use Keepassx and the only thing I use the cloud for is to store the password file which is encrypted by either a pass phrase or key file. LastPass always struck me as a dumb thing to use.

The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.

Great so maybe you can't attack the stolen hashes (at least not all of them) but you can use this information for social engineering which narrows things down.

In my case, you'd have to break into SpiderOak and steal the passwords.kdb file and attack the hash, but at least that would only attack my passwords; you wouldn't have a target-rich environment.