LmCast :: Stay tuned in

Fake Lastpass emails pose as password vault backup alerts

Recorded: Jan. 21, 2026, 6:03 p.m.


By Bill Toulas

January 21, 2026
11:58 AM

LastPass is warning of a new phishing campaign disguised as a maintenance notification from the service, asking users to back up their vaults in the next 24 hours.
The malicious emails include a link that allegedly takes users to a site where they can create an encrypted backup, where the attacker likely tries to hijack accounts or steal vault master passwords.
"Please be advised that LastPass is NOT asking customers to back up their vaults in the next 24 hours; rather, this is an attempt on the part of a malicious actor to generate urgency in the mind of the recipient, a common tactic for social engineering and phishing emails," LastPass warns.

The LastPass Threat Intelligence, Mitigation, and Escalation (TIME) team believes that the campaign started on January 19 and observed phishing messages delivered from email addresses of the type 'support@lastpass[.]server8' and 'support@sr22vegas[.]com' with the following subject lines:
LastPass Infrastructure Update: Secure Your Vault Now
Your Data, Your Protection: Create a Backup Before Maintenance
Don't Miss Out: Backup Your Vault Before Maintenance
Important: LastPass Maintenance & Your Vault Security
Protect Your Passwords: Backup Your Vault (24-Hour Window)
Crafted to appear as genuine LastPass communications, the emails say that users need to back up their vaults locally to secure their data due to an upcoming infrastructure maintenance.
"While your data remains fully protected at all times, creating a local backup ensures you have uninterrupted access to your credentials during the maintenance window," reads the phishing email.
"In the unlikely event of any unforeseen technical difficulties or data discrepancies, having a recent backup guarantees your information remains secure and recoverable."

[Image: The phishing email. Source: LastPass]
Users who click on the 'Create Backup Now' button embedded in the email are redirected to a phishing site at ‘mail-lastpass[.]com,’ which appears to be offline at the time of writing.
LastPass comments that the attackers chose to launch this campaign during a holiday weekend in the United States, to catch them understaffed and less prepared for a prompt response.
The password management company reminds users that it will never ask them for their master passwords, urging them to report such incidents to ‘abuse@lastpass.com.’
LastPass users are frequently targeted by phishing campaigns that use various themes and lures to trick them into revealing their passwords.
In October 2025, a phishing campaign used fake death claims to trigger a legacy inheritance process.
A week before, another campaign used fake breach alerts to urge users to download a more secure desktop version of the client app.
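As an added example (not from LastPass or the original article), the sender addresses, subject lines and link host reported above can be turned into a mail-triage check. It also flags the general pattern of a message that names LastPass but comes from, or links to, another domain; treating `lastpass.com` as the only genuine domain is an assumption, and the sample message is constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

def refang(value):
    return value.replace("[.]", ".")

# Indicators quoted in the article, stored defanged and refanged at run time.
SENDERS = {refang(s) for s in ("support@lastpass[.]server8", "support@sr22vegas[.]com")}
PHISH_HOSTS = {refang("mail-lastpass[.]com")}
SUBJECTS = {
    "LastPass Infrastructure Update: Secure Your Vault Now",
    "Your Data, Your Protection: Create a Backup Before Maintenance",
    "Don't Miss Out: Backup Your Vault Before Maintenance",
    "Important: LastPass Maintenance & Your Vault Security",
    "Protect Your Passwords: Backup Your Vault (24-Hour Window)",
}
LEGIT_DOMAIN = "lastpass.com"  # assumption: the only domain treated as genuine

def is_legit(host):
    return host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN)

def triage(raw_message):
    """Return the sorted reasons a raw RFC 5322 message matches the campaign."""
    msg = message_from_string(raw_message)
    from_header = msg.get("From", "")
    sender = parseaddr(from_header)[1].lower()
    subject = " ".join(msg.get("Subject", "").split())
    body = "" if msg.is_multipart() else msg.get_payload()
    reasons = set()
    if sender in SENDERS:
        reasons.add("known-sender")
    if subject in SUBJECTS:
        reasons.add("known-subject")
    claims_brand = "lastpass" in (from_header + subject).lower()
    if claims_brand and not is_legit(sender.rpartition("@")[2]):
        reasons.add("brand-sender-mismatch")
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = (urlparse(url).hostname or "").lower()
        if host in PHISH_HOSTS:
            reasons.add("known-phish-host")
        elif "lastpass" in host and not is_legit(host):
            reasons.add("lookalike-host")
    return sorted(reasons)

# Constructed sample modelled on the article's description (the path is made up).
SAMPLE = refang("From: LastPass Support <support@sr22vegas[.]com>\n"
                "Subject: Protect Your Passwords: Backup Your Vault (24-Hour Window)\n\n"
                "Create Backup Now: https://mail-lastpass[.]com/backup\n")
```

Calling `triage(SAMPLE)` returns all four campaign reasons. The exact-match indicators age quickly, so the two domain-mismatch checks are the part worth keeping once this campaign's infrastructure changes.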


Fake Lastpass emails pose as password vault backup alerts.

January 21, 2026

LastPass has issued a warning regarding a new phishing campaign designed to trick users into backing up their vaults, despite the company’s stated policy of never requesting master passwords. The campaign, initiated on January 19th, employs tactics commonly used in social engineering to induce urgency and bypass typical security awareness. The emails, mimicking legitimate LastPass communications, claim an impending infrastructure maintenance necessitates users to create encrypted backups of their vaults within a 24-hour window. Attackers are leveraging the appearance of official LastPass messaging to exploit user trust and encourage immediate action.

The phishing operation originates from email addresses resembling ‘support@lastpass[.]server8’ and ‘support@sr22vegas[.]com,’ employing subject lines such as “LastPass Infrastructure Update: Secure Your Vault Now,” “Your Data, Your Protection: Create a Backup Before Maintenance,” and “Don’t Miss Out: Backup Your Vault Before Maintenance.” These emails contain a link that directs recipients to a malicious website (mail-lastpass[.]com) which, at the time of publication, is offline. This tactic underlines the attackers’ intent to capture user credentials once they have been misled into providing them.

LastPass’s Threat Intelligence, Mitigation, and Escalation (TIME) team determined that the campaign’s launch coincided with a holiday weekend in the United States, suggesting a deliberate strategy to capitalize on reduced staffing levels and potentially diminished vigilance among users. Furthermore, the attackers are employing a common tactic of exploiting anxieties surrounding system maintenance, capitalizing on the user’s need for uninterrupted access to their data. The company has reiterated its stance, emphasizing that it will never request users’ master passwords and urging recipients to report any suspicious emails to ‘abuse@lastpass.com.’

Historically, LastPass has been a frequent target of phishing campaigns utilizing diverse themes and lures. Notable examples include, in October of 2025, a campaign that exploited fabricated death claims to trigger a legacy inheritance process, and a week prior, another which leveraged fake breach alerts to persuade users to download a purportedly enhanced desktop version of the client application. These diverse approaches highlight the persistent sophistication of cybercriminals attempting to infiltrate users’ security defenses.

The current campaign underscores the ongoing importance of verifying communication sources and exercising caution when responding to unsolicited requests for information or actions within password management systems. Users are encouraged to report any suspected phishing attempts to LastPass's abuse team and to maintain a heightened level of awareness when interacting with digital communications.

Bill Toulas