any company that stuck around (or began using) lastpass after vaults were leaked probably does not care about this one at all, considering its just CRM data.

i can sympathize a little bit with companies that stick with lastpass. when i had to switch an org from lastpass to 1password, it was a massive undertaking and incredibly annoying. however, i have no sympathy for anyone who has chosen lastpass after 2022.

Agreed.

The non-story here is the data is of minor criticality.

The real story is is that however minor, you expect LastPass to be better. They’re a password storage company, in order to be trusted they need to be better than this.