I don’t think that’s correct. The test of the matter is I suppose whether, having stored a password in LastPass, you can retrieve the plaintext password.
I think the reference to “hash” is talking only about the master password i.e. the password that authenticates you to them, not talking about any of the actual stored passwords (which authenticate you to a myriad of other web sites etc.). Storing a (salted) hash of the master password on the server is completely standard for any best practice authentication password.
The article that you link to also explicitly talks about 256-bit AES encryption. I think it makes clear that stored passwords are stored encrypted. So not one-way (single direction) but instead reversible - but only reversible on the client.
That is more complicated than it needs to be, well sort of.
If a development account is penetrated (as appears to have been the case in this incident) and the intruder is able to modify the source code, build a new binary, and push it out to production (perhaps there are inadequate controls) then every customer will potentially have the bad software installed on his or her computer sooner or later.
This is basically how a software supply chain compromise works and is by no means unique as a possibility to this company.
The bad software is then able to carry out a range of nefarious activities e.g. exfiltrate any decrypted stored password, perhaps exfiltrate all stored passwords in plaintext, perhaps exfiltrate the entire encrypted password store along with sufficient information to decrypt it offline.
All the while still carrying out its normal function, so not obviously alerting the customer that something is wrong.
An encrypted password store is not a lot of data, depending of course on how many passwords you are storing, so it could be exfiltrated in the noise without attracting attention. It’s not like trying to exfiltrate a stolen 1 GB database without attracting attention.
Good point. Just another reason to avoid online password stores.
Possibly that can be partially mitigated if each client caches locally a copy of the encrypted data, in part or in full.
(Because the password store is encrypted on the client, the possibility exists for the password store also to be signed on the client. That means that even if the server is totally compromised, it cannot serve out altered or erased or corrupted information - or more specifically it can do so, but any such data will immediately be detected by the client as bad, and rejected.)