LastPass Warns of Fake Maintenance Messages Tricking Users Into Stealing Master Passwords
The malicious actors are impersonating LastPass support staff and sending fraudulent emails claiming urgent vault backup requirements to harvest master passwords from unsuspecting users.
The phishing emails employ social engineering tactics by creating artificial urgency and falsely claiming that LastPass maintenance requires customers to back up their vaults within 24 hours.
LastPass explicitly confirms it never requests customer master passwords or demands immediate vault backups via email.
The campaign strategically launched over the U.S. holiday weekend, a deliberate timing choice designed to exploit reduced security staffing and delayed incident response.
Threat actors commonly exploit such windows to maximize the success rate of compromise before detection.
The phishing infrastructure consists of two primary components: an initial redirect hosted on compromised AWS S3 infrastructure and a spoofed domain designed to mimic legitimate LastPass services.
| Indicator Type | Value | Details |
|---|---|---|
| Phishing URL (Primary) | group-content-gen2.s3.eu-west-3.amazonaws[.]com/5yaVgx51ZzGf | Initial redirect (AWS S3) |
| Serving IP Address | 52.95.155[.]90 | Associated with primary URL |
| Spoofed Domain | mail-lastpass[.]com | Redirect destination |
| Associated IPs | 104.21.86[.]78, 172.67.216[.]232, 188.114.97[.]3 | Multiple C2 endpoints |
| Sender Addresses | support@sr22vegas[.]com, support@lastpass[.]server8, support@lastpass[.]server7, support@lastpass[.]server3 | Spoofed headers |
Users should immediately delete any emails claiming to require LastPass maintenance. Legitimate LastPass communications never request master passwords, vault backups, or urgent action via unsolicited emails.
Organizations should implement email security controls to block messages from the identified sender addresses and educate staff on phishing indicators, including artificially urgent language and requests for sensitive credentials.
LastPass is coordinating with third-party partners to take down the malicious infrastructure. Users who received these emails are encouraged to report them directly to abuse@lastpass.com for analysis and tracking.
Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google.
The post LastPass Warns of Fake Maintenance Messages Tricking Users Into Stealing Master Passwords appeared first on Cyber Security News.
All of the Sage Spirits you get to accompany you on your journey in The…
Xbox is adding a new Gamerscore-tracking feature for your console, allowing you to show off…
HBO Max has released the debut trailer for Stuart Fails to Save the Universe, its…
SteelSeries' honeycombed Aerox 3 was one of the best gaming mice of 2022 – so…
Netflix’s new series, The Boroughs, follows a small group of aging residents in a seemingly…
Gong has announced a business update following the end of its most recent quarter. As…
This website uses cookies.