the exposed passwords isn't even the worst part. it's the fact that user vaults sites are unencrypted so now attackers know every website that you thought was important enough to save.
they know what bank you use, which adult sites you visit, what medical conditions you might have
I understand that some people feel that that is sensitive data. It's not a big threat for me. My ISP and Google already has that data in many cases (IP destination data, DNS lookups, etc.) YMMV.
they know what bank you use, which adult sites you visit, what medical conditions you might have