username, password, and password notes are encrypted. The website URL is only hex encoded so it might as well have been in plain text. In other words, hackers know which websites you have passwords for (so beware of phishing attacks) but if you have a strong enough master password, they are still probably trying to crack your vault. You can see for yourself what is encrypted by downloading your encrypted vault - this was a good article which helped me figure that out: https://palant.info/2022/12/24/what-data-does-lastpass-encrypt/

At any rate, going forward, 1password seems to be a better choice because of the additional secret key required to unlock the vault.

In the end, there is no substitute for a good, strong master password.