> So yeah, for most users there's not a ton of risk, but for anyone with PWs of less than 11ish characters and/or a low degree of entropy, everything they stored is at risk.

They were always at risk though, it was always incredibly stupid to use short master passwords, it's not like we didn't know that. People who ignored the warnings and did it anyway knew exactly what they were signing up for in the event or a breach.