tbh even "Notice of Recent Security Incident [updated]" instead of "LastPass User Vaults stolen in recent hack" or something feels like PR damage control in favor to LastPass

I agree that corporate press releases usually bury the lede and, in the case of negative stories, are often outright misleading. For that reason we often change them (https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...). I've used your suggestion above. Thanks!

If anyone suggests a better title (i.e. more accurate and neutral), we can change it again, and if there's a better third-party article that covers whatever the latest news on this is, we could switch to it.