LastPass warns users about a new phishing campaign impersonating their service to steal master passwords. The attack involves fake emails claiming maintenance, directing users to malicious sites. #LastPass #PhishingCampaign
Keypoints
- LastPass alerts users to an active phishing campaign starting around January 19, 2026.
- The phishing emails claim to be about maintenance and urge users to create local backups of their vaults.
- Malicious links redirect users to a phishing site and then to a fraudulent domain “mail-lastpass[.]com”.
- LastPass emphasizes it will never ask for master passwords and is working to shut down the malicious infrastructure.
- This attack follows previous campaigns targeting macOS users with malware disguised as legitimate software.
Read More: https://thehackernews.com/2026/01/lastpass-warns-of-fake-maintenance.html