LastPass warns users about an ongoing phishing campaign using fake maintenance alerts to steal master passwords through urgent email requests.

Password manager LastPass has issued an alert about an active phishing campaign impersonating its service, specifically targeting users' master passwords through deceptive maintenance notifications. Security teams confirm the campaign began around January 19, 2026, using emails designed to create false urgency around password vault backups.
The fraudulent messages use alarming subject lines including:
- 'LastPass Infrastructure Update: Secure Your Vault Now'
- 'Your Data, Your Protection: Create a Backup Before Maintenance'
- 'Important: LastPass Maintenance & Your Vault Security'
Recipients are directed to a phishing domain (mail-lastpass[.]com) via intermediate infrastructure hosted on AWS. This multi-layered approach aims to bypass security filters while creating a facade of legitimacy.
A spokesperson from LastPass's Threat Intelligence, Mitigation, and Escalation (TIME) team emphasized: "This campaign exploits urgency, one of phishing's most effective tactics. Users should know we never request master passwords or impose immediate action deadlines."
Practical Protection Measures
- Verify sender authenticity: Legitimate LastPass communications always come from @lastpass.com addresses. The current scam uses addresses such as support@sr22vegas[.]com.
- Never share credentials: LastPass staff will never ask for your master password under any circumstances
- Disable automatic redirects: Browser settings preventing automatic redirection can stop phishing landing pages from loading
- Report suspicious emails: Forward phishing attempts to LastPass's security team at [email protected]
- Enable multi-factor authentication: Adds critical protection even if credentials are compromised
This campaign follows recent macOS-targeted attacks where malware masqueraded as LastPass in fake GitHub repositories. LastPass confirms collaboration with third parties to dismantle the malicious infrastructure and advises users to remain vigilant against unexpected maintenance alerts.
For official communications, always refer to LastPass's security blog or contact support through verified channels within your account dashboard.
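
For mail administrators, the indicators reported above (the three subject lines, the non-LastPass sender domain and the phishing domain) can be turned into a triage check. The following is an added example, not code from LastPass or from the original article; the function names, reason labels and sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

def refang(text):
    """Indicators stay defanged in source; restore the dots only at run time."""
    return text.replace("[.]", ".")

CAMPAIGN_SUBJECTS = {  # subject lines listed in the article, lower-cased
    "lastpass infrastructure update: secure your vault now",
    "your data, your protection: create a backup before maintenance",
    "important: lastpass maintenance & your vault security",
}
PHISHING_HOSTS = {refang("mail-lastpass[.]com")}
LEGIT_DOMAIN = "lastpass.com"  # the article states genuine mail comes from @lastpass.com

def is_legit(host):
    """True only for lastpass.com itself or a subdomain, never a lookalike."""
    host = host.lower().rstrip(".")
    return host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN)

def triage(raw_message):
    """Return the sorted reasons a raw RFC 5322 message matches this campaign."""
    msg = message_from_string(raw_message)
    reasons = set()
    subject = " ".join(msg.get("Subject", "").split())
    display, addr = parseaddr(msg.get("From", ""))
    if "lastpass" in (display + subject).lower() and not is_legit(addr.rpartition("@")[2]):
        reasons.add("lastpass-brand-from-foreign-sender")
    if subject.lower() in CAMPAIGN_SUBJECTS:
        reasons.add("campaign-subject")
    # Decode every text part so base64 / quoted-printable bodies are inspected too.
    body = "\n".join(p.get_payload(decode=True).decode("utf-8", "replace")
                     for p in msg.walk() if p.get_content_maintype() == "text")
    # The article says links pass through intermediate AWS hosting, so the final
    # domain may not appear in the body; this check only catches direct links.
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = (urlsplit(url).hostname or "").lower()
        if host in PHISHING_HOSTS:
            reasons.add("known-phishing-host")
        elif "lastpass" in host and not is_legit(host):
            reasons.add("lookalike-host")
    return sorted(reasons)

# Constructed sample messages (not captured mail); the sender is the one the article cites.
PHISH = refang("From: LastPass Support <support@sr22vegas[.]com>\n"
               "Subject: Important: LastPass Maintenance & Your Vault Security\n\n"
               "Back up your vault: https://mail-lastpass[.]com/backup\n")
BENIGN = ("From: LastPass <no-reply@lastpass.com>\n"
          "Subject: Your monthly summary\n\nSee https://blog.lastpass.com/\n")
```

The From header checked here is trivially spoofable, so this complements SPF, DKIM and DMARC enforcement rather than replacing it.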
