Perceptive Security
SOC/SIEM Consultancy
LastPass Warns of Fake Maintenance Messages Targeting Users’ Master Passwords
Published:
21 January 2026 at 06:40:00
Alert date:
21 January 2026 at 07:01:25
Source:
thehackernews.com
Identity & Access, Email & Messaging, Security Tools
LastPass is warning users about an active phishing campaign that began around January 19, 2026. The attackers are impersonating LastPass and sending fake maintenance emails to trick users into revealing their master passwords. The phishing emails claim there is upcoming maintenance and urgently request users to create a local backup of their password vaults within 24 hours. This is an active threat targeting LastPass users specifically to compromise their master passwords and potentially gain access to all stored credentials.
Technical details
Phishing campaign active since January 19, 2026, impersonating LastPass with fake maintenance emails. Campaign uses false urgency tactics claiming users need to create local backups within 24 hours. Emails redirect users through Amazon S3 staging site (group-content-gen2.s3.eu-west-3.amazonaws.com/5yaVgx51ZzGf) to phishing domain mail-lastpass.com to steal master passwords.
Mitigation steps:
Be aware that LastPass will never ask for master passwords or demand immediate action under tight deadlines. Stay vigilant and report suspicious activity. LastPass is working with third-party partners to take down malicious infrastructure.
Affected products:
LastPass password manager
Related links:
https://blog.lastpass.com/posts/new-phishing-campaign-targeting-lastpass-customers
https://www.virustotal.com/gui/domain/mail-lastpass.com/details
https://thehackernews.com/2025/09/lastpass-warns-of-fake-repositories.html
Related CVE's:
Related threat actors:
IOC's:
group-content-gen2.s3.eu-west-3.amazonaws.com/5yaVgx51ZzGf, mail-lastpass.com, support@sr22vegas.com, support@lastpass.server8, support@lastpass.server7, support@lastpass.server3
This article was created with the assistance of AI technology by Perceptive.