LastPass Warns of Fake Maintenance Messages Targeting Users’ Master Passwords

LastPass Warns of Fake Maintenance Messages Targeting Users’ Master Passwords

Posted on By CWS

Ravie LakshmananJan 21, 2026Email Safety / Malware
LastPass is alerting customers to a brand new energetic phishing marketing campaign that is impersonating the password administration service, which goals to trick customers into giving up their grasp passwords.
The marketing campaign, which started on or round January 19, 2026, includes sending phishing emails claiming upcoming upkeep and urging them to create an area backup of their password vaults within the subsequent 24 hours. The messages, LastPass mentioned, include the next topic strains –

LastPass Infrastructure Replace: Safe Your Vault Now
Your Knowledge, Your Safety: Create a Backup Earlier than Upkeep
Do not Miss Out: Backup Your Vault Earlier than Upkeep
Vital: LastPass Upkeep & Your Vault Safety
Shield Your Passwords: Backup Your Vault (24-Hour Window)

The emails are designed to steer unsuspecting customers to a phishing website (“group-content-gen2.s3.eu-west-3.amazonaws[.]com/5yaVgx51ZzGf”) that then redirects to the area “mail-lastpass[.]com.”
The corporate emphasised that it’s going to by no means ask customers for his or her grasp passwords and that it is working with third-party companions to take the malicious infrastructure down. It has additionally shared the e-mail addresses from which the messages originate –

assist@sr22vegas[.]com
assist@lastpass[.]server8
assist@lastpass[.]server7
assist@lastpass[.]server3

“This marketing campaign is designed to create a false sense of urgency, which is among the commonest and efficient techniques we see in phishing assaults, a spokesperson for the Menace Intelligence, Mitigation, and Escalation (TIME) crew at LastPass informed The Hacker Information in an announcement.
“We would like prospects and the broader safety neighborhood to bear in mind that LastPass won’t ever ask for his or her grasp password or demand speedy motion beneath a decent deadline. We thank our prospects for staying vigilant and persevering with to report suspicious exercise.”
The event comes months after LastPass cautioned customers of an information-stealing marketing campaign concentrating on Apple macOS customers by pretend GitHub repositories that distribute malware-laced packages masquerading because the password supervisor and different well-liked software program.

The Hacker News Tags:, , , , , , , ,

Related Posts

New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea The Hacker News
DoNot APT Expands Operations, Targets European Foreign Ministries with LoptikMod Malware DoNot APT Expands Operations, Targets European Foreign Ministries with LoptikMod Malware The Hacker News
Russian ELECTRUM Tied to December 2025 Cyber Attack on Polish Power Grid Russian ELECTRUM Tied to December 2025 Cyber Attack on Polish Power Grid The Hacker News
Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited The Hacker News
CISO’s Guide To Web Privacy Validation And Why It’s Important CISO’s Guide To Web Privacy Validation And Why It’s Important The Hacker News
TA446 Uses DarkSword Exploit in Spear-Phishing Campaign TA446 Uses DarkSword Exploit in Spear-Phishing Campaign The Hacker News