The large issue with the LastPass leak is that URLs were stored unencrypted. An attacker can use that with other related data (such as email addresses and contact information) to conduct spear phishing attacks.
You don't need to brute force a vault password to get a password, you just have to get enough information to claim to be the user or the service.
ColtonProvias t1_j1gpfkc wrote
Reply to comment by The_Countess in The Lastpass hack was worse than the company first reported by glawgii
The large issue with the LastPass leak is that URLs were stored unencrypted. An attacker can use that with other related data (such as email addresses and contact information) to conduct spear phishing attacks.
You don't need to brute force a vault password to get a password, you just have to get enough information to claim to be the user or the service.