LastPass is warning its users about an active phishing operation in which attackers are impersonating the password manager in an effort to steal users’ master passwords.
The fraudulent campaign, which began around January 19, 2026, sends emails that claim LastPass will undergo maintenance and urges recipients to create a local backup of their password vaults within 24 hours. According to LastPass, the phishing emails have been observed using subject lines such as:
- LastPass Infrastructure Update: Secure Your Vault Now
- Your Data, Your Protection: Create a Backup Before Maintenance
- Don't Miss Out: Backup Your Vault Before Maintenance
- Important: LastPass Maintenance & Your Vault Security
- Protect Your Passwords: Backup Your Vault (24-Hour Window)
These messages attempt to lure victims to a phishing page hosted at group-content-gen2.s3.eu-west-3.amazonaws[.]com/5yaVgx51ZzGf, which then redirects to the spoofed domain mail-lastpass[.]com. LastPass stressed that it never asks users for their master passwords, and the company is working with external partners to dismantle the malicious infrastructure. It also published several sender addresses associated with the campaign:
- support@sr22vegas[.]com
- support@lastpass[.]server8
- support@lastpass[.]server7
- support@lastpass[.]server3
“This attack relies on creating a false sense of urgency, which remains one of the most common and effective phishing techniques,” a spokesperson for LastPass’s Threat Intelligence, Mitigation, and Escalation
“We want customers and the wider security community to remember that LastPass will never request a master password or demand immediate action under pressure. We appreciate users who stay alert and continue to report suspicious communication.”
This incident follows a previous warning from the company several months earlier, when LastPass alerted users to an infostealer campaign targeting macOS systems. That attack involved fake GitHub repositories distributing trojanized applications disguised as LastPass and other popular software.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
