LastPass appears to be holding users' passwords hostage alongside more expensive pricing plans
LastPass is likely knowingly restricting users from exporting their passwords while putting their new pricing plan into effect. This makes the user have to choose between paying an increased price for LastPass or losing access to all of their online accounts. If this is true, they are in major violation of Article 20 of the GDPR.
As discussed on the r/software subreddit, LastPass is using multiple tactics to trap users into their ecosystem:
"• Only making the export function available via the desktop browser plugin, despite locking peoples accounts to either Desktop or Mobile after 3 switches between these platforms. • Accidentally on purpose having a "bug" in the desktop broswer plugin that stops people who's accounts are locked to their mobile devices from being able to export their data. • Accidentally on purpose having another "bug" in the desktop browser plugin that means export of data from the desktop browser plugins doesn't work anyway • Having no formal support channel to resolve this issue, forcing people to create a separate account to access the "community" forums where you can post about how LastPass are illegally holding your data hostage and hope that someone from the company will respond."
If this is an intentional tactic being employed by LastPass, they could be subject to administrative fines up to 20,000,000 EUR or 4% of the total worldwide annual turnover of the last financial year (whichever of the two is higher). This also makes it possible for European users to report them to member nations' data protection authorities. They can also be reported to the United Kingdom's Information Commissioner's Office.
Recommended open source alternatives to LastPass include Bitwarden and KeePass.
Further coverage: r/software Reddit (comment with privacy actions for users)