I cannot talk about specifics obviously since I was an employee. I can only say I did not see the sw engineering and infrastructure rigour I'd expect from a service that is managing very sensitive information.
Sounds about right. A while back I noticed the LastPass password generator was not in fact outputting a random password but that at least a few characters of the password followed a predictable pattern.
I reported it and it was fixed, but it's beyond me how a supposedly security-focused company can let such a severe bug in such an important yet simple feature get to production.