Oh for the love of god, this is way out of hand.
They weren't "hacked", they saw a tiny anomaly in their network traffic (which honestly, most companies wouldn't even have noticed), and decided to notify you about it and handle it in the most paranoid way possible. It's such a small thing that I wouldn't have expected most companies to even tell anyone it happened.
But somehow them behaving in a very commendable way for a security company has blown up into an absolute PR nightmare for them, with sites like BusinessWeek posting articles with the title "LastPass Loses Passwords for 1.25 Million Customers"
, which aren't even remotely correct. This
is why companies don't disclose security breaches, because people are too dumb to understand the details, it gets sensationalized for no reason, and comes back to bite them hard.
Their implementation of this was pretty poor (trying to force almost everyone to change their password, when their server can't handle password changes at that rate), but their overall intentions were extremely good, and only make me even more confident in their service.