LastPass employees and customers targeted in “pervasive” phishing campaign


A convincing phishing campaign has targeted LastPass in two waves.

On September 13th, LastPass customers began reporting phishing attempts. Targets spanned a variety of industries and included 87 of LastPass's own employees, in what the company called a widespread, pervasive, and convincing phishing campaign.

Victims first got emails from the address [email protected][.]th, associated with a domain that wasn’t previously linked to malicious activity.

The email contained a link to phishing pages that were hosted on the subdomains of customer-lastpass[.]su.

LastPass partnered with Fortra’s PhishLabs to mitigate the risk. “By the time the first reports started coming in from our customers, a takedown request to each respective service provider for the two suspicious domains was already underway.”

Unfortunately, the attackers registered a similar domain for credential phishing and began a second wave of attacks on September 19th. Several malicious subdomains were taken down within 16 hours of the start of that wave.
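The two waves described above share one pattern a mail-security team can check for: the lure links point at subdomains of a freshly registered domain that embeds the brand name (customer-lastpass[.]su in the first wave, a "similar domain" in the second). The following Python script is an added example, not code from the article, LastPass, or PhishLabs. It refangs defanged indicators of the kind the article prints, extracts URLs from a few constructed email records, and flags any sender or link whose registrable domain contains the brand token but is not on an allowlist of legitimate domains. The allowlist, the sample messages, and the two-label approximation of a registrable domain are assumptions made for the example; production code should use a public-suffix list.

```python
import re
from urllib.parse import urlparse

# Constructed sample email records (not taken from the article). Domains are
# written defanged, as the article prints them, and refanged before matching.
SAMPLE_EMAILS = [
    {"from": "support@example-mailer[.]th",
     "body": "Please verify your vault at hxxps://login.customer-lastpass[.]su/verify"},
    {"from": "newsletter@lastpass.com",
     "body": "Read the latest at https://blog.lastpass.com/posts/1"},
    {"from": "billing@shop.example",
     "body": "Your receipt: https://shop.example/r/42"},
]

# Assumed allowlist of the brand's legitimate registrable domains.
LEGIT_DOMAINS = {"lastpass.com"}
BRAND_TOKEN = "lastpass"

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def refang(text: str) -> str:
    """Undo the usual defanging so indicators can be matched as real hosts."""
    return text.replace("[.]", ".").replace("hxxp", "http")


def registrable_domain(host: str) -> str:
    """Naive two-label approximation (example only; use a public-suffix list in production)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def is_lookalike(host: str) -> bool:
    """True when the registrable domain borrows the brand name but is not an allowlisted domain.

    Because the check runs on the registrable domain, every subdomain of a
    lookalike (login.customer-lastpass.su, secure.customer-lastpass.su, ...)
    is caught without enumerating them.
    """
    reg = registrable_domain(host)
    return BRAND_TOKEN in reg and reg not in LEGIT_DOMAINS


def flag_email(msg: dict) -> list:
    """Return (where, host) findings for the sender domain and every URL in the body."""
    findings = []
    sender_host = refang(msg["from"]).split("@")[-1]
    if is_lookalike(sender_host):
        findings.append(("sender", sender_host))
    for url in URL_RE.findall(refang(msg["body"])):
        host = urlparse(url).hostname or ""
        if is_lookalike(host):
            findings.append(("url", host))
    return findings


def triage(emails: list) -> dict:
    """Map message index -> findings, keeping only messages that produced at least one."""
    results = {}
    for i, msg in enumerate(emails):
        findings = flag_email(msg)
        if findings:
            results[i] = findings
    return results


if __name__ == "__main__":
    for idx, hits in triage(SAMPLE_EMAILS).items():
        print(f"message {idx}: {hits}")
```

Run stand-alone, the script reports only the first constructed message, because its link lands on a subdomain of customer-lastpass.su; the genuine lastpass.com newsletter and the unrelated receipt pass. The same brand-token check would have fired on the second wave's "similar domain" without anyone adding it to a blocklist first, which is the point of matching on structure rather than on exact indicators.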

Recently, LastPass was under fire again as a well-known crypto pundit blamed the company for crypto losses. Crypto enthusiasts were reporting unexplained cryptocurrency wallet depletions and linking these crypto heists to the 2022 breaches of the widely-used password manager.

