> We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information. Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture.

Sure sounds like they found passwords or keys in the development environment breach back in August, and nobody bothered to change those after knowing they were hacked.