Any online service you use is volatile to your password being stolen. In this case they just got the encrypted database, but with those remote services you usually run a browser extension. They're updated automatically, so you as a user would not even know if someone manages to smuggle password stealing code in there. The best password manager is one that is run on your local device only. If you use a good master password, you don't have to be concerned about your password database being synced over untrusted cloud storage providers.

End to end encrypted providers do exist though.

The people that stole the databases are not after anyones password specifically. They're running a huge password list against them and take what they can. data breaches usually work like this.