All dark web alerts should check to see if the account on the compromised list is even in LastPass. I recently got an email from you and went to the site (I do not remember ever having an account on it) and had to enter verifiable info (understandable if I had an account). But on the last screen it said CREATE ACCOUNT. In other words, they captured several pieces of identity from me in the process. To me, it seems like a sort of phishing attack initiated from the LastPass email. Anyone on the dark web can mix and match emails and sites to create bogus lists to sell. LastPass should create an option check box to only alert a user IF the site is in the LastPass database. If it is not there, I do not care what list it is on. It is bogus. In this case, I am now less secure because of the dark web email alert than I was before!