LastPass warns of a phishing campaign spoofing email threads and a fake SSO; no impact on its systems

According to the official LastPass blog (05/03/2026), the Threat Intelligence, Mitigation, and Escalation (TIME) team is alerting its customers to an active phishing campaign that began around March 1, 2026, with no impact on LastPass systems. 🎣 The core of the attack relies on fake email threads that simulate internal exchanges about unauthorized actions (vault export, account recovery, new device registration, etc.). The attackers use display name spoofing to make “LastPass” appear as the sender, betting on the fact that many mail clients (mobile ones in particular) show only the name and hide the real address.

CyberVeille

Fake LastPass support email threads try to steal vault passwords

Disgraced password management software provider LastPass is warning users of a phishing campaign targeting its users with fake unauthorized account access alerts.

#passwordmanager #password #passwords #lastpass #security #cybersecurity #phishing #hackers #hacking #hacked

https://www.bleepingcomputer.com/news/security/fake-lastpass-support-email-threads-try-to-steal-vault-passwords/

Fake LastPass support email threads try to steal vault passwords

Password management software provider LastPass is warning users of a phishing campaign targeting its users with fake unauthorized account access alerts.

BleepingComputer

LastPass under attack: new campaign tries to steal your account with fake alerts
🔗 https://tugatech.com.pt/t79433-lastpass-sob-ataque-nova-campanha-tenta-roubar-a-tua-conta-com-falsos-alertas

#ataque #conta #lastpass 

LastPass under attack: new campaign tries to steal your account with fake alerts

If you use LastPass to store your credentials, it is time to pay extra attention. The well-known security management platform is alerting its

TugaTech
LastPass Alerts Customers of Fake Email Chains Used in New Phishing Campaign; No Impact to LastPass Systems
#LastPass
https://blog.lastpass.com/posts/march-2026-phishing-campaign-targeting-lastpass-customers
March 2026 Phishing Campaign Targeting LastPass Customers - The LastPass Blog

LastPass Threat Intelligence, Mitigation, and Escalation (TIME) would like to alert our customers to an active phishing campaign that began on or around March 1, 2026. These phishing emails are being sent from several email addresses with various subject lines that look like forwarded internal messages about unauthorized access to individuals' accounts. The known list of email addresses and subject lines can be found below. This is an attempt on the part of a malicious actor to draw attention and generate urgency in the mind of the recipient, a common tactic for social engineering and phishing emails.

LastPass warns of spoofed alerts aimed at stealing master passwords

LastPass warns of phishing emails posing as security alerts to trick users into revealing their master passwords.

Security Affairs

@narthur

Oddly, a FB friend used this occasion to point out that the new price difference meant switching to #LastPass was favorable.

I pointed out that

1) If you already have a #1Password family plan (which I do), the price hike is only $1/month, which seemed fair to me

2) LastPass has a history of not telling anyone when they get breached

3) 1Password has a much healthier relationship with independent security researchers, as @soatok has pointed out (https://soatok.blog/2023/01/21/how-you-respond-to-security-researchers-says-everything-about-you/)

How You Respond to Security Researchers Says Everything About You - Dhole Moments

Tails from the Cryptographic Side of Security Research

Dhole Moments
#Passwordmanagers’ promise that they can’t see your vaults isn’t always true
Contrary to what password managers say, a server compromise can mean game over.
The team executed 27 successful attacks against industry leaders #Bitwarden, #LastPass, and #Dashlane (12 against Bitwarden, 7 against LastPass, and 6 against Dashlane), proving that if a server is compromised by a sophisticated actor, your vault can be unlocked with surprising ease.
https://arstechnica.com/security/2026/02/password-managers-promise-that-they-cant-see-your-vaults-isnt-always-true/
May just be fear-mongering or FUD
Password managers' promise that they can't see your vaults isn't always true

Contrary to what password managers say, a server compromise can mean game over.

Ars Technica

Very interesting post on @peertube

https://peertube.heise.de/w/j2SFMRdHi3yBupW9JjP9XH

"AI passwords are insecure - and that is not a bug"
(with a detour to password managers as well)
#bitwarden #lastpass #dashlane #keepassxc

AI passwords are insecure – and that is not a bug

PeerTube
Top 3 Password Managers Weren't Zero Knowledge?! #password #cybersecurity #PasswordManger #Bitwarden #LastPass #Dashlane