And the fact that this employee, who was one of 4 that had access to these high-security accounts, should have never crossed paths with anything resembling Plex on the same machine. This is about as security-aware as pushing a wheelbarrow full of cash down the middle of the street in a gang-infested area of town at 3:00am alone and unarmed.
This was from several months ago. The hacker was able to download copies of the customer vaults. The vaults were not completely encrypted. Account URLs were plain text. Given this situation, a hacker has no constraints and can unleash whatever brute-force attempts they want with no operational system "slowdowns"; and given plain text of what the accounts are, they can target users with high-value accounts and also formulate very detailed phishing attempts using this information to help the cause. Again, totally irresponsible. And even if you change the passwords and leave LastPass, this information is still in the hands of the hackers, tied to you as the user, that they can use to go after you with a phishing scheme.