TL;DR: Last Pass is broken. All passwords at the time of the breach were taken. They also got internal secrets from a laptop and can now probably throw computational power at anything they want to decrypt.
Switch. Do not use. Change everything you have if you were using it. Treat everything as breached.
What you do is use one that has locally encrypted/decrypted databases and authentication and store the database as an encrypted file in a cloud storage service. The service itself therefore no longer matters, only keeping your master password safe matters and the file online is useless without your master password. The service therefore never holds even so much as keys for your database and it is impossible without compromising your end devices to access your passwords.
That's the same as a password manager but much less convenient. Password managers don't store keys in their database, your master password is the key.