I’ve been tracking this on Mastodon. I’d started using LP when it first was introduced, but jumped away when they were acquired by private equity (my opinion at the time - which hasn’t changed - was that PE tends to be extractive, so current issues weren’t going to be fixed - and looking retrospectively they haven’t been). There were and still are multiple vulnerabilities; most notably, in the local LP store, only some fields are encrypted - rather than the entire file.

That said, *everybody* gets hacked eventually. The key isn't whether they've been hacked, but how quickly they notified users that they'd need to change passwords. I'll give them minor credit for having admitted to it at all - but by the time they let users know it was entirely too late.