How would the hacker know beforehand it it was even worth getting into the account to get a look-see. First, he would have to know the account existed then, by happenstance, find the PW(s), then try them, all the long not only hoping that it works, but that it was all worth his time.
~Bruno~
We know that an email account was breached in order to effect the Rackspace compromise. That would have given the Rackspace hacker to the email communications for the mailing list, among other things. I have little doubt that the existence of the LastPass account has probably been discussed in internal emails.
Again, Zhou has already said that whoever perpetrated the Rackspace hack had enough information to compromise the MtGox account. They may have waited to make an attempt until they knew funds had been moved there (which was obvious once refunds were being made). Just because you assume that people will change credentials after an attack doesn't mean it will happen, and there's nothing to be lost by seeing if the credentials you've obtained will work. The source code leak confirmed that the MtGox API key hadn't been changed - this could have encouraged the Rackspace hacker (or someone else with whom he shared the information he'd obtained during the hack) to see what else hadn't been changed.
To a large extent, exploiting vulnerabilities involves a lot of poking around for holes you
don't expect to find rather than creating sophisticated means to overcome security measures which do exist.