- LastPass phishing campaign tricks victims with their master passwords
- Fake maintenance email warns users to urgently back up their vaults
- “No one at LastPass will ever ask you for your master password”
LastPass has issued a warning about a new phishing campaign aimed at tricking users into handing over their master passwords and, with that, potentially all of their passwords, 2FA codes, payment details, and more.
A fake “scheduled maintenance” warning email encourages users to back up their password manager vaults within 24 hours, only to steal their credentials.
This false sense of urgency is one of the most common ways to trick victims into sharing their credentials, forcing them to quickly pass certain basic checks that would highlight the questionable activity.
LastPass Users Warned About January 2026 Phishing Campaign
“Please note that LastPass is NOT asking customers to back up their vaults in the next 24 hours,” the company stressed. “Remember, no one at LastPass will ever ask you for your master password.”
An authentic-looking email template covers all the essentials: an assumed commitment to security, instructions on how to back up, and contact methods for further questions.
However, there are a few quick steps users can take before falling victim to it. For example, campaign sender addresses include support@sr22vegas[.]com, support@lastpass[.]server8, support@lastpass[.]server7 and support@lastpass[.]server3.
LastPass promises to work with third-party partners to remove identified domains and encourages users to report suspicious emails to [email protected].
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
