LastPass security company

There is an important distinction in the OP that the main stream media seem to miss or conveniently forget for ratings purposes. Lastpass passwords were NOT breached. The company was breached and encrypted master password hashes were taken. Although Lastpass will likely not admit their security posture publically, in all reality the contents of the vaults are likely stored in a secondary more secure network that only the servers that authenticate the master password on would have access to. Breaching the servers hosting the vaults would require penetrating multiple layers of security, like getting into the inner rings of the Pentagon. Lastpass as stated publically that the vaults were not part of the breach, thus there is no risk of an old copy of the master password being used later to get into a stolen copy of the vaults.

As mentioned in the news users are not at immediate threat of data theft, but are being told to change master passwords incase they find a way to crack the passwords from the information that was taken. Further if you have 2 factor authentication enabled, it would even more difficult to get access to the passwords.

With that said, their advice is obviously sound to change the master password on Lastpass and any other site that you use that same password on, this is not another Sony or Target, it only could be if a hacker finds/found a flaw/bug in their systems to gain access before people change their master passwords.