[alexhjones]

I might be misunderstanding, but if the url was adobe.com, then it would be possible to find the corresponding password from that adobe breach for the same email address (not trivial, but if someone moves in the right circles I assume they could get a whole host of the big breaches in a searchable format).

A subset of users might have reused the breached password(s) for their lastpass master password.

Not sure if you could also feed the breached passwords into the brute force tool to give it a headstart, in case they did a slight variation on a breached password for the lastpass master password.