Comment by sleepychu

Lastpass does the crypto on the client side, your encrypted password database could have been leaked but if your master password is sufficiently strong then it will be hard to break.

That said if you reset all your current lastpass passwords with newly generated ones after changing your master password you'll protect yourself from any attack.