LastPass is warning its customers about an ongoing phishing attack that uses fraudulent emails to steal vault master passwords. The scam attempts to deceive users by claiming that immediate action is required to secure their data before a scheduled system update.
A new wave of phishing activity targeting LastPass users began in mid-January 2026, utilizing high-pressure tactics to harvest sensitive login credentials. These deceptive emails claim that the service is undergoing infrastructure maintenance and instruct recipients to create a local backup of their password vaults within a strict twenty-four-hour window. The messages often use urgent subject lines regarding vault security and data protection to trick individuals into acting quickly without verifying the source.
The fraudulent emails contain links that direct targets to a malicious site hosted on an Amazon S3 bucket, which then redirects to a spoofed domain designed to look like an official LastPass page. Once on the site, users are prompted to enter their master password, giving attackers full access to their stored credentials. Several specific sender addresses have been identified as part of this campaign, including various support handles at server-themed domains that do not belong to the official company.
In response to the threat, LastPass has clarified that it never asks customers to provide their master passwords through email or any other direct communication. The company is currently collaborating with external security partners to dismantle the digital infrastructure used by the scammers. Security experts noted that the campaign relies heavily on creating a false sense of urgency, which is a hallmark of successful social engineering attacks intended to bypass a user's normal caution.
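The indicators described above (a landing page on an S3 bucket, a lookalike domain, an artificial deadline, and a request for the master password) can be turned into a simple triage check for a mail gateway or help-desk tooling. The script below is an added illustration, not LastPass's own tooling; the official-domain list and the sample messages are assumptions constructed for the example.

```python
import re
from urllib.parse import urlparse

# Added example (not LastPass code). Assumption: lastpass.com is the only
# domain the vendor uses in links; any other host that asks for a master
# password is treated as suspect.
OFFICIAL_DOMAINS = ("lastpass.com",)

URL_RE = re.compile(r"""https?://[^\s<>"']+""")
# Pressure cues from the campaign: a forced deadline or demand to act now.
URGENCY_RE = re.compile(
    r"\b(?:24[- ]hours?|twenty-four[- ]hours?|immediate(?:ly)?|within \d+ hours?)\b", re.I)
# The lure itself: a "vault backup" that really means typing the master password.
LURE_RE = re.compile(r"\b(?:master password|back ?up (?:your|the) vault|vault backup)\b", re.I)

def is_official(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def triage(body: str) -> dict:
    """Score an email body against the indicators described in the advisory."""
    findings, score = [], 0
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if is_official(host):
            continue
        if host.endswith(".amazonaws.com"):   # landing page hosted on an S3 bucket
            findings.append(f"S3-hosted link: {host}")
        elif "lastpass" in host:              # brand name inside a non-official domain
            findings.append(f"lookalike domain: {host}")
        else:
            findings.append(f"off-brand link: {host}")
        score += 2
    if URGENCY_RE.search(body):
        findings.append("artificial deadline")
        score += 1
    if LURE_RE.search(body):
        findings.append("requests master password / vault backup")
        score += 1
    verdict = "phishing" if score >= 3 else "suspicious" if score else "clean"
    return {"verdict": verdict, "score": score, "findings": findings}

# Constructed sample messages (not real campaign emails).
PHISH = ("Subject: Urgent vault security update\n"
         "Our infrastructure is undergoing maintenance. Back up your vault within 24 hours "
         "at https://examplebucket.s3.amazonaws.com/backup.html and confirm your master password.")
LEGIT = "Your monthly security report is available at https://www.lastpass.com/ whenever convenient."
```

A real deployment would feed the decoded message body and any header-derived URLs into `triage()` and route "phishing" hits to the report-abuse queue.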
This incident follows a pattern of sophisticated threats against password manager users, including a recent campaign that used fake software repositories on GitHub to spread malware to macOS systems. Those previous attacks often disguised malicious programs as legitimate productivity tools to compromise devices. By referencing these past events, security researchers highlight the persistent nature of these threats and the need for constant user vigilance when handling account security requests.
To stay safe, users are encouraged to ignore any emails demanding immediate password entry and to report suspicious messages directly through the official application. Maintaining a skeptical approach to unexpected maintenance notifications is the most effective way to prevent unauthorized access to a vault. LastPass continues to monitor for new variations of these phishing attempts to protect its user base from further exploitation.
Source: LastPass Warns Of Fake Maintenance Messages Targeting Master Passwords