LastPass phishing scam targets users, seeks master passwords

LastPass warned customers on Jan. 19, 2026, about an active phishing campaign that attempts to steal master passwords, according to LastPass. Attackers send emails claiming upcoming maintenance and urging recipients to create a local backup within 24 hours.

The phishing messages use subject lines such as “LastPass Infrastructure Update: Secure Your Vault Now” and “Protect Your Passwords: Backup Your Vault (24-Hour Window).” Recipients are steered to a phishing site at group-content-gen2.s3.eu-west-3.amazonaws[.]com/5yaVgx51ZzGf, which then redirects to the fake domain mail-lastpass[.]com.

LastPass provided the sender addresses used in the campaign: support@sr22vegas[.]com, support@lastpass[.]server8, support@lastpass[.]server7, and support@lastpass[.]server3. The company emphasized that it will never ask users for their master passwords and is collaborating with third parties to take down the malicious infrastructure.

A spokesperson for the Threat Intelligence, Mitigation, and Escalation (TIME) team at LastPass said: “This campaign is designed to create a false sense of urgency, which is one of the most common and effective tactics we see in phishing attacks.” The company asked customers to remain vigilant and continue reporting suspicious activity.

This incident follows a previous warning from LastPass about an information-stealing campaign that targeted macOS users with fake GitHub repositories distributing Malware disguised as the password manager and other applications.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

• Shiba Inu Plummets 60% in Year – Swing Traders Eye 36% Rise!
• CBI bought $507M in USDT to shore up rial via Nobitex bridge
• Google.org backs Sundance with $2M to train 100,000 artists.
• Silver’s AI Demand Edge Unveils Secret Gold Investors Miss!!
• Altman Rebukes Musk, Defends ChatGPT Amid Death Claims Today