It’s a big deal IMO, particularly because at login it doesn’t do the same. From the user perspective, your password has effectively been modified without your knowledge and no reasonable way of finding out. Good luck getting access to your account.
When a bank does this it should be considered gross negligence.

If their password was actually good (18+ random characters) it’s not feasible with current day technology to brute force, no matter how few PBKDF2 iterations were used.

Obviously it’s still a big issue because in many cases people don’t use strong enough passwords (and apparently LastPass stored some of the information in plaintext) but a strong password is still good protection provided the encryption algorithm doesn’t have any known exploitable weaknesses.

El psy kongroo

As always, the dose makes the poison.
A common scenario is people picking the wrong species and then not just eating a small bite, but cooking an entire meal and eating that.

A small bite may not kill you, but just one mushroom (50g) can be enough to do it.

There are some toxic mfs out there and they can be mistaken for edible lookalikes by inexperienced foragers.