On June 15, 2015, password manager LastPass made an announcement that its password database was hacked and some user account information had been stolen. Since LastPass has uses encryption and many layers of protection to slow down hackers, the damage will be minimal for LastPass users. While the hackers may have obtained the database of master passwords, they still don't have immediate access to everyone's passwords. That information has been encrypted, salted, and hashed, so it would take quite a bit of effort to break into it.
LastPass recommends that you change your master password and enable two factor authentication to keep your data safe. This will immediately make the data obtained by the hackers useless. And because hackers obtained user email addresses, it's recommended that you change the password at any other website where you've used that same password.
When creating a new password, it should be long and complex with numbers and special characters. Since a completely random password would be difficult to remember, there are some ways you can make it more memorable. Leo does not recommend just putting together a few dictionary words, however. Instead, think of a phrase or a song lyric. Use the first letter from each word in the phrase, capitalize some, and replace some of the letters with numbers. You could also attach your childhood phone number or school locker combination to it. Then you'll have a password you can easily recreate that will appear random to anyone else.
Despite the security breach at LastPass, Leo Laporte and security expert Steve Gibson still recommends using it. LastPass responded correctly by posting a blog post announcing the breach right away, and by changing your master password your vault of passwords will stay secure.