LastPass issues alert as customers targeted in new phishing campaign
The company says messages claiming that LastPass users need to backup vaults are false
LastPass has urged customers to be on the alert for phishing emails amidst an ongoing scam campaign.
The password management firm said emails claiming the site is due to undergo maintenance have been circulating since 19 January. The messages include prompts for customers to backup vaults within the next 24 hours, LastPass revealed.
"Please be advised that LastPass is NOT asking customers to backup their vaults in the next 24 hours; rather, this is an attempt on the part of a malicious actor to generate urgency in the mind of the recipient, a common tactic for social engineering and phishing emails," said the firm in a statement.
The emails come with several different subject lines, including:
- "LastPass Infrastructure Update: Secure Your Vault Now”
- “Your Data, Your Protection: Create a Backup Before Maintenance”
- “Don’t Miss Out: Backup Your Vault Before Maintenance”
- “Important: LastPass Maintenance & Your Vault Security”
- “Protect Your Passwords: Backup Your Vault (24-Hour Window)”.
The sender addresses are support@sr22vegas[.]com and support@lastpass[.]server8/server7/server3.
IPs associated with the campaign include 192.168.16[.]19 and 172.23.182.202, LastPass confirmed.
How to spot the fake LastPass emails
The emails claim that a “legacy access” request has been opened – often using alarming language, such as even informing recipients they may be deceased – and include fake case details to appear legitimate.
Victims are directed to a fraudulent LastPass website that looks like the real thing, hosted at “group-content-gen2.s3.eu-west-3.amazonaws[.]com/5yaVgx51ZzGf”, which then redirects to “mail-lastpass[.]com.”
Here they are prompted to enter their credentials. In some cases, the attackers also follow up with phone calls to increase pressure.
“This campaign is designed to create a false sense of urgency, which is one of the most common and effective tactics we see in phishing attacks,” said a spokesperson for the threat intelligence, mitigation, and esalaction (TIME) team at LastPass.
“We want customers and the broader security community to be aware that LastPass will never ask for their master password or demand immediate action under a tight deadline. We thank our customers for staying vigilant and continuing to report suspicious activity.”
LastPass campaign looks to catch users off-guard
Notably, the campaign was timed for a holiday weekend in the US, probably in the hopes that this would mean reduced staffing levels that could delay detection and draw out response time.
"Please remember that no one at LastPass will ever ask for your master password. Rest assured, we are working with our third-party partners to have this domain taken down as soon as possible," said the firm.
"In the meantime, please take the appropriate precautions and, as always, if you are ever unsure whether a LastPass branded email is legitimate, submit it to abuse@lastpass.com."
The latest advisory marks the second time in six months that LastPass has been forced to put out an alert like this. A phishing campaign in October 2025 used similar tactics, claiming that the company had been hacked.
FOLLOW US ON SOCIAL MEDIA
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.
-
Organizations hit by 90 zero-day vulnerabilities last yearNews Google Threat Intelligence researchers warn that edge devices and security appliances are prime entry points
-
Major data leak forum taken downNews LeakBase enabled the sale and purchase of a huge amount of personal data and had more than 142,000 members
-
LastPass issues alert as customers face second major phishing campaign of 2026News The campaign is the third to hit LastPass users in six months
-
A single compromised account gave hackers access to 1.2 million French banking recordsNews Ficoba has warned that “numerous” scams are already in circulation following the data breach
-
Starkiller: Cyber experts issue warning over new phishing kit that proxies real login pagesNews The Starkiller package offers monthly framework updates and documentation, meaning no technical ability is needed
-
Using AI to generate passwords is a terrible idea, experts warnNews Researchers have warned the use of AI-generated passwords puts users and businesses at risk
-
Researchers called on LastPass, Dashlane, and Bitwarden to up defenses after severe flaws put 60 million users at risk – here’s how each company respondedNews Analysts at ETH Zurich called for cryptographic standard improvements after a host of password managers were found lacking
-
‘They are able to move fast now’: AI is expanding attack surfaces – and hackers are looking to reap the same rewards as enterprises with the technologyNews Potent new malware strains, faster attack times, and the rise of shadow AI are causing havoc
-
Ransomware gangs are using employee monitoring software as a springboard for cyber attacksNews Two attempted attacks aimed to exploit Net Monitor for Employees Professional and SimpleHelp
-
Security experts warn Substack users to brace for phishing attacks after breachNews Substack CEO Christ Best confirmed the incident occurred in October 2025
