There certainly are recommended actions to take, and not merely for people with overly simple master passwords or too low number of iterations. Sufficiently determined attackers will be able to decrypt the data for almost anyone. The question is merely whether it’s worth it for them.
So anybody who could be a high value target (activists, dissidents, company admins etc.) should strongly consider changing all their passwords right now. You could of course also consider switching to a competitor who in the case of a breach will be more concerned about keeping you safe than about saving their face