Cybercriminals Launch Sophisticated Phishing Attack Targeting LastPass Users

Beware of new phishing scams targeting LastPass users. Learn how to protect your vault during this ongoing threat.

By Content Team

Jan 22, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

LastPass customers are being targeted in an ongoing phishing campaign that began around January 19, strategically timed during the Martin Luther King Jr. Day holiday weekend when security teams have reduced staffing.

The attackers are sending convincing emails from addresses like support@lastpass[.]server8, urging users to "back up their vaults" due to fake scheduled maintenance. Subject lines include "LastPass Infrastructure Update: Secure Your Vault Now" and "Protect Your Passwords: Backup Your Vault (24-Hour Window)."

These emails lead to phishing sites designed to steal login credentials, potentially giving criminals access to entire password vaults. LastPass emphasizes they never ask for master passwords and advises customers to report suspicious emails to abuse@lastpass.com. While no accounts appear compromised yet, the company recommends enabling multifactor authentication for added protection.

Source: Dark Reading

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Iran-Linked Hackers Disrupt Medical Giant Stryker's Global Operations

Mar 13, 2026

Cisco Drops 48 New Firewall Vulnerabilities, 2 Critical

Mar 6, 2026

Cybercriminals Use LiveChat Platform for Real-Time Phishing Scams

Mar 17, 2026

Medical Giant Stryker Hit by Cyberattack Linked to Iranian Group

Mar 12, 2026