LastPass has issued a warning about an active phishing campaign targeting its users. The campaign, which began around January 19, 2026, involves fraudulent emails claiming that LastPass is conducting maintenance and urging users to back up their vaults within 24 hours. These emails are sent from various addresses, including support@sr22vegas[.]com and support@lastpass[.]server8, and feature subject lines such as "LastPass Infrastructure Update: Secure Your Vault Now" and "Your Data, Your Protection: Create a Backup Before Maintenance." (blog.lastpass.com)
The emails contain links that redirect users to phishing sites designed to steal their master passwords. For example, one such link directs users to a site hosted at "group-content-gen2.s3.eu-west-3.amazonaws[.]com/5yaVgx51ZzGf," which then redirects to "mail-lastpass[.]com." LastPass will never ask users for their master passwords. (blog.lastpass.com)
To protect themselves, users should be cautious of unsolicited emails claiming urgent action is required. They should avoid clicking on links in such emails and verify the authenticity of any communication by contacting LastPass directly through official channels. If users receive suspicious emails, they are encouraged to report them to abuse@lastpass.com. (blog.lastpass.com)
For more information on recognizing and avoiding phishing scams, LastPass provides resources on its website. (lastpass.com)
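For mail administrators, the sender addresses, subject lines and link hosts listed above can be checked against stored messages. The following Python sketch is an added example, not LastPass tooling; the function names (`refang`, `url_matches`, `triage`) and the sample message are constructed for illustration, and the indicators are the ones quoted in this article, kept defanged in the source.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

# Indicators copied from the advisory text, stored defanged as published.
SENDERS = ["support@sr22vegas[.]com", "support@lastpass[.]server8"]
SUBJECTS = ["LastPass Infrastructure Update: Secure Your Vault Now",
            "Your Data, Your Protection: Create a Backup Before Maintenance"]
URLS = ["group-content-gen2.s3.eu-west-3.amazonaws[.]com/5yaVgx51ZzGf",
        "mail-lastpass[.]com"]
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def refang(value):
    """Turn a defanged indicator back into its matchable form."""
    return value.replace("[.]", ".")

def url_matches(url, indicator):
    """True if the URL's host is the indicator host (or a subdomain) and the path prefix agrees."""
    ind_host, _, ind_path = refang(indicator).partition("/")
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed URL in the body; nothing to match
        return False
    host = parts.hostname or ""
    host_ok = host == ind_host.lower() or host.endswith("." + ind_host.lower())
    return host_ok and (not ind_path or parts.path.startswith("/" + ind_path))

def triage(raw_message):
    """Return which advisory indicators ("sender", "subject", "url") appear in one message."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if sender in {refang(s).lower() for s in SENDERS}:
        hits.append("sender")
    subject = " ".join(str(msg.get("Subject", "")).split()).rstrip(".").lower()
    if subject in {s.lower() for s in SUBJECTS}:
        hits.append("subject")
    body = "\n".join(p.get_content() for p in msg.walk()
                     if p.get_content_maintype() == "text")
    if any(url_matches(u, i) for u in URL_RE.findall(body) for i in URLS):
        hits.append("url")
    return hits

# Constructed sample message (not a captured email), built from the indicators above.
SAMPLE = (f"From: LastPass <{refang(SENDERS[0])}>\n"
          f"Subject: {SUBJECTS[0]}\n"
          "Content-Type: text/plain\n\n"
          f"Back up your vault: https://{refang(URLS[0])}\n")
```

Calling `triage(SAMPLE)` returns `['sender', 'subject', 'url']`; an empty list means none of the listed indicators matched, not that a message is safe.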
