@ocdtrekkie Fortunately, the passwords themselves, while in the hands of bad actors now, are encrypted and should be mathematically unbreakable (if I understand correctly, the encryption algorithm is good enough... Assuming, of course, they didn't screw anything up with the implementation).

But the immediate concern is that a lot of data wasn't encrypted, like the plain text domain names. So the data set serves as a giant map from users to the websites they frequent.