LastPass Warns of Fake Maintenance Messages Tricking Users Into Stealing Master Passwords
Malicious actors are impersonating LastPass support staff and sending fraudulent emails that claim an urgent vault backup is required, in order to harvest master passwords from unsuspecting users.
The phishing emails employ social engineering tactics by creating artificial urgency and falsely claiming that LastPass maintenance requires customers to back up their vaults within 24 hours.
LastPass explicitly confirms it never requests customer master passwords or demands immediate vault backups via email.
The campaign strategically launched over the U.S. holiday weekend, a deliberate timing choice designed to exploit reduced security staffing and delayed incident response.
Threat actors commonly exploit such windows to maximize the success rate of compromise before detection.
The phishing infrastructure consists of two primary components: an initial redirect hosted on compromised AWS S3 infrastructure and a spoofed domain designed to mimic legitimate LastPass services.
| Indicator Type | Value | Details |
|---|---|---|
| Phishing URL (Primary) | group-content-gen2.s3.eu-west-3.amazonaws[.]com/5yaVgx51ZzGf | Initial redirect (AWS S3) |
| Serving IP Address | 52.95.155[.]90 | Associated with primary URL |
| Spoofed Domain | mail-lastpass[.]com | Redirect destination |
| Associated IPs | 104.21.86[.]78, 172.67.216[.]232, 188.114.97[.]3 | Multiple C2 endpoints |
| Sender Addresses | support@sr22vegas[.]com, support@lastpass[.]server8, support@lastpass[.]server7, support@lastpass[.]server3 | Spoofed headers |
Users should immediately delete any emails claiming to require LastPass maintenance. Legitimate LastPass communications never request master passwords, vault backups, or urgent action via unsolicited emails.
Organizations should implement email security controls to block messages from the identified sender addresses and educate staff on phishing indicators, including artificially urgent language and requests for sensitive credentials.
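As an added illustration of such a control (not code from LastPass or from this article), the sketch below checks a raw message against the sender addresses and hosts in the table above. The function names and both sample messages are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Indicators from the table above, kept defanged exactly as published.
SENDER_IOCS = ["support@sr22vegas[.]com", "support@lastpass[.]server8",
               "support@lastpass[.]server7", "support@lastpass[.]server3"]
HOST_IOCS = ["group-content-gen2.s3.eu-west-3.amazonaws[.]com", "mail-lastpass[.]com"]

def refang(value):
    """Turn a defanged indicator into its comparable, lower-case form."""
    return value.replace("[.]", ".").lower()

BAD_SENDERS = {refang(s) for s in SENDER_IOCS}
BAD_HOSTS = {refang(h) for h in HOST_IOCS}
URL_HOST = re.compile(r"https?://([^/\s:\"'<>]+)", re.I)

def check_message(raw):
    """Return sorted indicator hits found in one RFC 5322 message string."""
    msg = message_from_string(raw)
    hits = set()
    # Envelope-style headers can differ from From, so check each of them.
    for header in ("From", "Sender", "Reply-To", "Return-Path"):
        for _name, addr in getaddresses(msg.get_all(header, [])):
            if addr.lower() in BAD_SENDERS:
                hits.add(f"{header}: {addr.lower()}")
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = (part.get_payload(decode=True) or b"").decode(
            part.get_content_charset() or "utf-8", "replace")
        for host in URL_HOST.findall(body):
            host = host.lower().rstrip(".")
            # Exact host or subdomain only; a lookalike suffix must not match.
            if any(host == bad or host.endswith("." + bad) for bad in BAD_HOSTS):
                hits.add(f"url-host: {host}")
    return sorted(hits)

# Constructed sample messages, not captures from the campaign.
PHISH = ("From: LastPass Support <" + refang(SENDER_IOCS[0]) + ">\n"
         "Return-Path: <" + refang(SENDER_IOCS[1]) + ">\n"
         "Subject: Maintenance: back up your vault within 24 hours\n"
         "Content-Type: text/plain; charset=utf-8\n\n"
         "Start the backup: https://" + refang(HOST_IOCS[1]).upper() + "/backup\n")
BENIGN = ("From: IT Helpdesk <helpdesk@example.org>\n"
          "Subject: Phishing advisory\n\n"
          "Details: https://example.org/mail-lastpass.com-advisory\n")

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("benign", BENIGN)):
        print(label, check_message(raw))
```

Matching on the exact host or a subdomain keeps a URL that merely mentions the spoofed domain in its path, as in the benign sample, from being flagged.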
LastPass is coordinating with third-party partners to take down the malicious infrastructure. Users who received these emails are encouraged to report them directly to abuse@lastpass.com for analysis and tracking.
The post LastPass Warns of Fake Maintenance Messages Tricking Users Into Stealing Master Passwords appeared first on Cyber Security News.