LastPass Alerts Users About Fake Maintenance Messages Targeting Master Passwords

LastPass has issued a warning about a new phishing campaign designed to steal users’ master passwords by impersonating the popular password management service.

How the Phishing Campaign Works

The campaign, active since around January 19, 2026, sends emails that announce upcoming maintenance and urge users to create a local backup of their password vaults within 24 hours. The phishing emails carry subject lines such as:

  • LastPass Infrastructure Update: Secure Your Vault Now
  • Your Data, Your Protection: Create a Backup Before Maintenance
  • Don’t Miss Out: Backup Your Vault Before Maintenance
  • Important: LastPass Maintenance & Your Vault Security
  • Protect Your Passwords: Backup Your Vault (24-Hour Window)

Recipients are directed to a phishing site at:

group-content-gen2.s3.eu-west-3.amazonaws[.]com/5yaVgx51ZzGf

This site then redirects to mail-lastpass[.]com, attempting to trick users into revealing their master passwords.

Official Guidance from LastPass

LastPass emphasized that it will never ask for a master password and urged users to remain vigilant. The company is collaborating with third-party partners to take down the malicious infrastructure. The phishing emails originate from the following addresses:

  • support@sr22vegas[.]com
  • support@lastpass[.]server8
  • support@lastpass[.]server7
  • support@lastpass[.]server3

A spokesperson from LastPass’ Threat Intelligence, Mitigation, and Escalation (TIME) team said:

“This campaign is designed to create a false sense of urgency, one of the most common and effective phishing tactics. LastPass will never request your master password or demand immediate action under a tight deadline. We thank our customers for staying vigilant and reporting suspicious activity.”

Background

This alert follows earlier warnings from LastPass about campaigns targeting macOS users through malware-laced fake GitHub repositories, which impersonated popular software including password managers.

Users are advised to verify email sources, avoid clicking unknown links, and report suspicious messages to LastPass immediately.
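
The subject lines, sender addresses and hosts listed above can be checked mechanically at a mail gateway or over a mailbox export. The following Python is an added example, not code from LastPass or from this article; the function names, the `https` scheme, the `/backup` path and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

def refang(s: str) -> str:
    return s.replace("[.]", ".").lower()  # article's a[.]b form -> a.b

def norm_subject(s: str) -> str:
    # Fold case, curly apostrophes and whitespace runs before comparing.
    return " ".join(s.replace("\u2019", "'").casefold().split())

# Indicators copied from the article, kept defanged in the source text.
SENDERS = {refang(a) for a in (
    "support@sr22vegas[.]com", "support@lastpass[.]server8",
    "support@lastpass[.]server7", "support@lastpass[.]server3")}
URL_HOSTS = {refang(h) for h in (
    "group-content-gen2.s3.eu-west-3.amazonaws[.]com", "mail-lastpass[.]com")}
SUBJECTS = {norm_subject(s) for s in (
    "LastPass Infrastructure Update: Secure Your Vault Now",
    "Your Data, Your Protection: Create a Backup Before Maintenance",
    "Don\u2019t Miss Out: Backup Your Vault Before Maintenance",
    "Important: LastPass Maintenance & Your Vault Security",
    "Protect Your Passwords: Backup Your Vault (24-Hour Window)")}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def host_matches(host: str) -> bool:
    # Exact host or a subdomain of it; a parent domain or a look-alike prefix does not count.
    return any(host == h or host.endswith("." + h) for h in URL_HOSTS)

def check_message(raw: str) -> list[str]:
    """Return the reasons a raw RFC 5322 message matches this campaign."""
    msg = message_from_string(raw, policy=policy.default)
    hits = []
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if sender in SENDERS:
        hits.append("sender:" + sender)
    if norm_subject(str(msg.get("Subject", ""))) in SUBJECTS:
        hits.append("subject")
    body = " ".join(p.get_content() for p in msg.walk()
                    if p.get_content_maintype() == "text")
    hosts = {urlsplit(u).hostname or "" for u in URL_RE.findall(body)}
    hits += sorted("url-host:" + h for h in hosts if host_matches(h))
    return hits

# Constructed sample message (not a captured email); addresses are refanged at run time.
SAMPLE = ("From: LastPass Support <" + refang("support@sr22vegas[.]com") + ">\n"
          "Subject: Important: LastPass Maintenance & Your Vault Security\n\n"
          "Back up your vault: https://" + refang("mail-lastpass[.]com") + "/backup\n")
```

Calling `check_message(SAMPLE)` returns one reason per matched indicator type. The S3 indicator is matched on the full bucket hostname only, so unrelated `amazonaws.com` links are not flagged.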


