LastPass Phishing Alert: Master Passwords Targeted by Active Scam

As of January 19, 2026, LastPass has begun notifying customers of an increasing number of phishing emails targeting them. In this campaign, the attacker tries to create a sense of urgency around the need to “backup your Vault” to “keep your data safe.”

By doing so, the attackers hope to obtain customers’ master passwords by convincing them that their data will be lost forever unless they act quickly. The fraudulent "back up your vault" emails direct the recipient to a fraudulent website that collects the recipient's credentials.

Phishing Attack Examples
Some examples of phishing emails that have been reported include:
1. LastPass Infrastructure Update: Protect Your Vault Now
2. Your Data, Your Protection: Create a Backup Before Maintenance
3. Don't Miss Out: Backup Your Vault Before Maintenance
4. Important: LastPass Maintenance & Your Vault Security
5. Protect Your Passwords: Backup Your Vault (24-Hour Window)
Recipients are redirected through a fake S3 bucket URL (group-content-gen2.s3.eu-west-3.amazonaws[.]com/5yaVgx51ZzGf) and ultimately land on a malicious domain: mail-lastpass[.]com.

Emails originate from suspicious addresses such as:
1. support@sr22vegas[.]com
2. support@lastpass[.]server8
3. support@lastpass[.]server7
4. support@lastpass[.]server3
LastPass will never ask for your master password or give you a 24-hour ultimatum to act.

Risks and Tactics
The campaign used techniques typical of phishing:
1. Creating a false sense of urgency (i.e., informing users that their LastPass account is at risk because of an email they did not request).
2. Pretending to be a reputable company.
3. Guiding users to a fake phishing URL.
4. Attempting to obtain users' master passwords.
Attackers who succeed would then be able to open users' entire password vaults and potentially gain access to their email, banking, and social networking accounts.

Recommendations
Users should follow these guidelines:
1. Do not enter your master password on pages reached through email links.
2. Verify the URL before entering your login and password. A legitimate LastPass page can always be found at lastpass.com.
3. Turn on multi-factor authentication for your LastPass account.
4. Notify LastPass of any unusual emails using security@lastpass.com.
5. Use browser extensions that protect against phishing, and use filters to identify and eliminate malicious emails.
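
One way a mail filter could apply recommendations 2 and 5 to this campaign is sketched below. This is an added example, not code from LastPass or The Hacker News; the reason labels, the lure regex, and the sample message are assumptions built from the indicators listed above.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

def refang(text):
    return text.replace("[.]", ".")

# Indicators listed in this article, kept defanged in source and re-fanged at load.
BAD_HOSTS = {refang(h) for h in (
    "mail-lastpass[.]com", "group-content-gen2.s3.eu-west-3.amazonaws[.]com")}
BAD_SENDER_DOMAINS = {refang(d) for d in (
    "sr22vegas[.]com", "lastpass[.]server8", "lastpass[.]server7", "lastpass[.]server3")}
LEGIT = "lastpass.com"
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
# Assumption: lure wording taken from the subject lines quoted in the article.
LURE_RE = re.compile(r"back\s?up your vault|maintenance|24-hour", re.I)

def is_legit(host):
    """True only for lastpass.com itself or a real subdomain of it."""
    return host == LEGIT or host.endswith("." + LEGIT)

def triage(raw_email):
    """Return sorted reasons why a raw RFC 5322 message resembles this campaign."""
    msg = message_from_string(raw_email)
    sender, subject = msg.get("From", ""), msg.get("Subject", "")
    domain = parseaddr(sender)[1].rpartition("@")[2].lower()
    reasons = set()
    if domain in BAD_SENDER_DOMAINS:
        reasons.add("sender-domain-ioc")
    if "lastpass" in (sender + subject).lower() and not is_legit(domain):
        reasons.add("brand-from-foreign-domain")
        if LURE_RE.search(subject):
            reasons.add("urgency-lure")
    body = " ".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                    for p in msg.walk() if not p.is_multipart())
    for url in URL_RE.findall(body):
        host = (urlsplit(url).hostname or "").lower()
        if host in BAD_HOSTS:
            reasons.add("url-host-ioc")
        elif "lastpass" in host and not is_legit(host):
            reasons.add("lookalike-host")
    return sorted(reasons)

# Constructed sample built from the article's indicators (the URL path is made up).
PHISH = refang("""\
From: LastPass Support <support@sr22vegas[.]com>
Subject: Protect Your Passwords: Backup Your Vault (24-Hour Window)

Create your backup here: https://mail-lastpass[.]com/backup
""")

if __name__ == "__main__":
    print(triage(PHISH))
```

The suffix check in is_legit is what separates lastpass.com from hosts that merely contain the brand name, such as the mail-lastpass[.]com domain used in this campaign.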

Password managers continue to fall victim to phishing, and they contain highly valuable information. Users should always remain vigilant, follow safe and secure authentication practices, and stay aware of phishing schemes as preventative measures.

Source: The Hacker News

© 2016 - 2026 Red Secure Tech Ltd. Registered in England and Wales under Company Number: 15581067