Subscribe & Save 20% off Premium or Families plans
By subscribing, you agree to receive marketing communications regarding industry news and research, educational resources, and LastPass products and services. The processing of your personal data in accordance with the LastPass Privacy Policy. You can unsubscribe from marketing communications at any time.
LastPass would like to alert our customers of a current phishing campaign that was detected today, October 13, 2025. These phishing emails are being sent from the email addresses “hello@lastpasspulse[.]blog” or "hello@lastpassgazette[.]blog" with the subject line “We Have Been Hacked - Update Your LastPass Desktop App to Maintain Vault Security.” To be clear, LastPass has NOT been hacked, and this is an attempt on the part of a malicious actor to draw attention and generate urgency in the mind of the recipient, a common tactic for social engineering and phishing emails.
The below image displays the body of the email and the link purporting to take potential victims to a new desktop app site, which will instead direct victims to a phishing site hosted at “lastpassdesktop[.]com" or "lastpassgazette[.]blog." The threat actor also registered a similar site (“lastpassdesktop[.]app”), potentially for use in future iterations of this campaign. Other indicators of malicious behavior associated with this campaign include the threat actors’ use of known bulletproof host NICENIC to host the phishing site, as well as the timing of the campaign, which falls over a holiday weekend in the United States, which is a common tactic among threat actors seeking to take advantage of reduced staffing under the assumption it will postpone detection and draw out response time.
Please remember that no one at LastPass will ever ask for your master password. Rest assured, we are working to have this domain taken down as soon as possible and at the time of publication, Cloudflare has posted warning pages in front of the site advising visitors that these sites are phishing pages. Please take the appropriate precautions and, as always, if you are ever unsure whether a LastPass branded email is legitimate, please submit it to abuse@lastpass.com.
Malicious URLs and associated IPs:
- “lastpassdesktop[.]com”
- Serving IP address at time of publication: 172.67.147[.]36
- “lastpassdesktop[.]app”
- Serving IP address at time of publication: 172.67.219[.]2
- "lastpassgazette[.]blog"
- Serving IP address at time of publication: 84.32.84[.]32
Header information:
From: LastPass hello@lastpasspulse[.]blog
Associated IPs:
- 148.222.54[.]15
- 23.83.222[.]47
Reply-to: hello@lastpasspulse[.]blog
Subject: We Have Been Hacked - Update Your LastPass Desktop App to Maintain Vault Security
Subscribe & Save 20% off Premium or Families plans
By subscribing, you agree to receive marketing communications regarding industry news and research, educational resources, and LastPass products and services. The processing of your personal data in accordance with the LastPass Privacy Policy. You can unsubscribe from marketing communications at any time.
