The painful thing for LastPass users who did unfortunately reuse their master password on other sites is that this case is now an *offline* attack - which means 2FA or changing one's LastPass web password (or even master password) won't help much - the attackers have a point-in-time snapshot of all the credentials in those stolen vaults. And if you were using a weak (or worse, previously leaked) master password when they were stolen, you're screwed.

@kennwhite it pains me that everyone is having to scramble now, 2 days before Christmas, when the data was stolen 4 months ago

These updates have hit both extremes: from "we recommend you do nothing" to "it's all gone, I hope you chose a good password".

Hopefully it's China, so we don't have to worry about it getting brute-forced and dumped on the Internet 🤷