The short reply to this problem is that everyone will most likely be fine and you should at the very least change your master password. Best practices recommends you change all your passwords.
Now, let's examine what happened and the statement issued by LastPass, shall we?
Very, very few cyber-attacks are witnessed and monitored first-hand by human eyes on the scene to watch what the hacker does as events unfold. Nearly all attacks are examined by a security team after the fact by analyzing server logs and a bunch of other forensic analysis techniques. These methods are not fool-proof. Some hackers are good enough to erase their tracks behind them either partially or completely.
LastPass's interpretation of events is most likely accurate, but there is a margin of error. Something could have been missed or something misinterpreted. We're all humans and we all make mistakes.
Now I'm sure that LastPass's security team analyzed everything to the best of their ability and made a comprehensive report of everything they know happened, everything they know didn't happen, everything that that probably happened, and everythign that probably didn't happen. However, the public does not get access to that report.
That report goes to the legal team who examines it and decides what needs to be legally disclosed and what doesn't need to necessarily be divulged as it may hurt the corporate image and they compose a detailed report of the facts. However, we don''t get to see that report, either.
That report goes to the principals, executives, and the board of directors of LastPass for further scrutiny and for a verdict on what needs to be divulged to the public. Yeah....we don't get to see that one, either.
Finally, that report comes down off the mountain-top where it lands in the marketing department who puts their own special spin on things to minimize anything that might appear apocalyptic.
That's the announcement the public sees.
Everyone is free to analyze what has transpired and make their own decisions, but if I were a LastPass customer I'd be considering alternatives because this is not their first security breach. Even if nothing was compromised this time or the last, hackers greatest asset is that they have time on their hands. Lots of it. Sooner or later if they are determined enough, they'll find their way in.
In security circles, there is an anecdote that is always said in jest that there are two different kinds of companies in the world: the ones that have been hacked by the Chinese and the ones that don't know they've been hacked by the Chinese.
Safeguard your data the best way you see fit is my advice. Only you can decide how important your data is.