First question right off the bat for anyone concerned: Lastpass claims that master passwords and encrypted user data was never compromised. See: https://blog.lastpass.com/2022/08/notice-of-recent-security-incident/
Only offline a database is safe.
Just make sure you back it up to multiple places, and keep the backups up to date.
Yeah, that can easily be done by Syncthing. It’s basically online, but if you set up your own discovery server and disable relays for syncing, there’s virtually no way apart from completely breaking TLS to get the data.
Again? This is at least two times now. I switched to Buttercup because they just use a file you upload to any cloud service (you can even set up your own webdav if you don’t want any company having that file).
Edit: Oh I see. This hack is worse, last time I heard it was leaked passwords and emails.
The same (and much worse) could happen to Bitwarden, at the end password manager services have highly valuable assets and malicious actors will try to attack them. When using a local password manager like KeePassXC, there’s not a single server storing thousands of passwords databases, just one stored locally and off-line in your computer, significantly reducing the risk.
