There were accounts with as few as 1 (yes, 1) PBKDF2 iterations[1]. Others changed theirs to over 300k but it still ended up only being 5000 in reality[2].

So despite the messaging from LastPass about improving iteration count for existing users it wasn't always accurate.

[1] https://news.ycombinator.com/item?id=34152779

[2] https://www.reddit.com/r/Lastpass/comments/zuve7t/cracking_e...

Yeah you’re right— sounds like accounts made prior to Feb 2018 were lower than 100,100. Yikes! Updated my post.

Mine had iteration count 1. I was livid when I found out. Fucking amateurs taking on the responsibility to safeguard everyone's passwords