A short recap for newcomers looking for "support". They have stolen all our Lastpass content in 2022, the truth has been known now in March 2023.
Our email, phone, address, URLS (not encrypted!) and other private data are in the hands of third parties. This company that boasts zero knowledge has ripped us off. This is a scandal. GET OUT AS SOON AS POSSIBLE, change all your passwords. Join the class action lawsuit. SHAME!
First, the breach happened in August 2022.
Second, treat any password management app and site as if it were a financial institution. Use only very strong passwords for those apps and sites, such as from RandomPasswordGenerator, and change them every 3-6 months.
For example, we check all the boxes on RandomPasswordGenerator and include numbers, upper- and lowercase letters, and special symbols (as permitted by the sites we use). We usually have 16-character passwords.
If one does that, it makes it very difficult for anyone to gain access to one's information.
@J-and-N-Larson I think you missed the point that LastPass does not encrypt our URL data and other types of metadata. It doesn't matter how good our master password was: criminals now have access to ALL our URLs that were stored in plain text. They know every web site that we stored in LastPass and even the web sites that we told LastPass to ignore. And not only the web sites, but the URL parameters that are after the URL. For weak websites there can even be a password in there or a password reset link.