I don't buy LastPass' statement that this breach of master passwords was due to credential stuffing. If that were the case, then LastPass users who feel victim would have been using their master passwords for something else. The victims who posted in the HN thread specifically said they did not do that.
#cososec
LastPass Says It Didn’t Leak Your Master Password
https://www.howtogeek.com/776450/lastpass-says-it-didnt-leak-your-master-password/
"But while LastPass claims the recent account compromises was the result of a credential stuffing attack, after this article went live, security researcher Bob Diachenko suggested that this might not be necessarily true, and that hackers simply used a database that leaked from a malware operation, which appears to have also contained LastPass account master passwords."
https://therecord.media/lastpass-confirms-credential-stuffing-attack-against-some-of-its-users/