“all the other parts are working correctly”, is IMHO the issue here, because LastPass doesn’t consider the URL to be sensitive material.
What I think that means is in this breach the bad actor has your account information like emails and IP addresses used to access the vault, but can WITHOUT any brute force also determine every site the vault has an entry to access.
The consequences of that could be severe for some. Did you tell your wife about that account on Hinge or Grindr? Perhaps you live somewhere where being out isn’t an option and could get you killed? Do you have an account on some site or other which primarily exists to leak to journalists?
What I think that means is in this breach the bad actor has your account information like emails and IP addresses used to access the vault, but can WITHOUT any brute force also determine every site the vault has an entry to access.
The consequences of that could be severe for some. Did you tell your wife about that account on Hinge or Grindr? Perhaps you live somewhere where being out isn’t an option and could get you killed? Do you have an account on some site or other which primarily exists to leak to journalists?