Agreed, in fact LastPass should be heavily fined for this and be forced to go out of business if things don't provably change within a reasonable timeframe.
They tout on their website that they get third party assurance testing done and yet none of it matters if we can’t see the actual reports.
I just can’t believe more people aren’t enraged about it. Or that people aren’t seeking to sue, purely based on that. Zero trust architecture is fine if you’re breached that’s the whole point, but saying that the information within the vault is encrypted when parts of it aren’t is downright malicious.