The presence of a master‑password hash (bcrypt) suggested that the attacker had from LastPass’s server or a client machine, rather than just stealing the exported vault.
: Automatically fills in your login credentials for websites and apps. site%3apastebin.com+lastpass.com
