
LastPass called storing URLs in plaintext their "Zero Knowledge Architecture".

"Zero Knowledge" should join "Full Self Driving" in the malicious marketing hall of fame.



"Zero knowledge means that no one has access to your master password or the data stored in your vault, except you. Not even LastPass."

That definitely cannot be true since they were storing URLs in vaults unencrypted. Seems like a class action lawsuit waiting to happen.

https://www.lastpass.com/security/zero-knowledge-security


> The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that *contains both unencrypted data, such as website URLs,* as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data

That's real bad - think blackmail material for important people.


Sounds like it technically was Zero Knowledge Architecture in the non-cryptographic sense.


Which is a shame, because zero-knowledge actually can mean something. But it's yet another term with actual value hijacked for marketing.



