Connect with us

Cybersecurity News

LastPass Warns Users of Phishing Campaign Targeting Master Passwords

Published

2 months ago

on

LastPass has issued a warning about a new phishing campaign impersonating the password management service, aiming to trick users into revealing their master passwords.

The campaign, active since around January 19, 2026, sends emails claiming upcoming maintenance and urging users to create a local backup of their password vaults within 24 hours.

Phishing Tactics Observed

Common email subject lines include:

  • LastPass Infrastructure Update: Secure Your Vault Now
  • Your Data, Your Protection: Create a Backup Before Maintenance
  • Important: LastPass Maintenance & Your Vault Security
  • Protect Your Passwords: Backup Your Vault (24-Hour Window)

The emails direct recipients to a malicious site:

  • group-content-gen2.s3.eu-west-3.amazonaws[.]com/5yaVgx51ZzGf → redirects to mail-lastpass[.]com

Known sender addresses:

  • support@sr22vegas[.]com
  • support@lastpass[.]server8
  • support@lastpass[.]server7
  • support@lastpass[.]server3

“This campaign is designed to create a false sense of urgency, which is one of the most common and effective tactics we see in phishing attacks,” said a spokesperson for LastPass’s Threat Intelligence, Mitigation, and Escalation (TIME) team.

Important Security Advice

  • LastPass will never ask for your master password.
  • Users should remain vigilant and report any suspicious emails.
  • The company is actively working with partners to take down malicious infrastructure.

Updated Campaign Activity

As of January 22, 2026, new phishing emails have been observed using different URLs after the original infrastructure was removed.

New phishing sites:

  • systems-resources.s3.eu-west-3.amazonaws[.]com/sSvLaIvIEm5iMal
  • security-lastpass[.]com

New email subjects:

  • LastPass Server Maintenance: Backup Recommended
  • Critical: Please Backup Your LastPass Vault Before Maintenance
  • LastPass Maintenance: Secure Your Data Today

“LastPass will never demand immediate action under a tight deadline,” the TIME team emphasized.

Context and History

This campaign follows previous LastPass warnings, including a macOS-targeted malware campaign leveraging fake GitHub repositories distributing malicious software masquerading as LastPass and other popular apps.

Key Takeaways:

  1. Be suspicious of emails urging immediate action for maintenance or backups.
  2. Always verify URLs and sender addresses.
  3. Master passwords should never be shared, even in emails claiming to be from LastPass.

Post Views: 15
Related Topics:
Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2023 Cyber Reports Cyber Security News All Rights Reserved Website by Top Search SEO