Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

LastPass impersonation phishing campaign using fake maintenance notices

Campaign
First reported
Last updated
Happening score
H score 37
2 unique sources, 2 articles

Summary

Hide ▲

An active LastPass impersonation phishing campaign is targeting password-manager users with fake maintenance notices to steal master passwords. The operation began on or around January 19, 2026 and pressures recipients to create a local backup of their vaults within 24 hours. The emails route victims to a phishing site at group-content-gen2.s3.eu-west-3.amazonaws[.]com/5yaVgx51ZzGf that redirects to mail-lastpass[.]com. LastPass says it will never request a master password and is working to have the malicious infrastructure taken down.

Related Happenings

LastPass users phishing campaign using fake support threads

Campaign
First: 04.03.2026 22:44 Last: 04.03.2026 22:44 Sources 1

About this happening: A **phishing campaign** is targeting **LastPass users** with fake account-access alerts, putting **vault credentials** at risk. The lure uses spoofed support threads and urgent li...

Open Happening

Bitwarden LastPass Dashlane and 1Password vault compromise flaws security flaw

Vulnerability
First: 16.02.2026 19:15 Last: 16.02.2026 19:15 Sources 1

About this happening: **Bitwarden, LastPass, Dashlane and 1Password** were found to have **cloud password manager vulnerabilities** that could let an attacker **view, change, recover, or delete vault p...

Open Happening

Black Cat SEO poisoning campaign targeting Chinese software searchers

Campaign
First: 07.01.2026 19:09 Last: 07.01.2026 19:09 Sources 1

About this happening: **Black Cat** is using **SEO poisoning** to push fake software download pages into search results, steering **Chinese users** toward a **backdoor Trojan**. The lure pages abuse **...

Open Happening

LastPass customer password vault backups exposed

Data Leak
First: 05.01.2026 11:30 Last: 05.01.2026 11:30 Sources 1

About this happening: The **2022 LastPass data leak** exposed backups of about **30 million customer password vaults**, leaving more than **25 million users** with a **long-tail risk** of offline crack...

Open Happening

LastPass-branded phishing campaign targeting customers

Campaign
First: 16.10.2025 15:30 Last: 16.10.2025 15:30 Sources 1

About this happening: A **LastPass-branded phishing campaign** is luring customers to fake desktop-app and phishing sites, creating immediate **credential-theft risk**. The emails use a breach-themed s...

Open Happening

Timeline

  1. 21.01.2026 08:40 1 articles · 4mo ago

    LastPass impersonation phishing campaign begins

    Exploitation Observed

    An active phishing campaign impersonates LastPass and begins sending fake maintenance emails on or around January 19, 2026 to pressure password-manager users into creating a local backup of their password vaults within 24 hours and entering master passwords on a phishing site that uses group-content-gen2.s3.eu-west-3.amazonaws[.]com/5yaVgx51ZzGf and redirects to mail-lastpass[.]com.

    Show sources
    Open in new tab
  2. 21.01.2026 08:40 3 articles · 4mo ago

    LastPass warns users and works to take down malicious infrastructure

    Initial Disclosure

    LastPass alerts users on January 21, 2026 that the maintenance-themed messages are a phishing campaign designed to create a false sense of urgency, says it will never ask for a master password or demand immediate action under a tight deadline, and states that it is working with third-party partners to take down the malicious infrastructure.

    Show sources
    Open in new tab