
Hackers imitate LastPass staff to access passwords

LastPass has issued a warning to its customers regarding a phishing campaign in which cyber criminals disguise themselves as LastPass staff to access customer password vaults.

Daniel Croft
Fri, 19 Apr 2024

For context, LastPass is the world’s most used password manager, allowing users to store their passwords in one secure “vault” and use a master password to access everything. This allows them to use more advanced passwords or passphrases without the risk of forgetting them while also making logins easy.

The company announced that it had spotted the CryptoChameleon phishing kit being used by threat actors to gain access to LastPass customer vaults.

The CryptoChameleon kit works by allowing threat actors to create fake single-sign-on pages imitating other sites. Those who use the fake sites to log in hand their credentials over to the threat actors.


LastPass was notified by data protection specialists Lookout that it had been added to the CryptoChameleon phishing kit and that threat actors had been observed using it to trick victims into handing over their details.

According to LastPass, these phishing attacks are carried out in a number of ways.

“Victims are directed to fake websites via phishing emails, SMS messages, or even direct phone calls (vishing),” said LastPass on its blog.

The tactics observed by LastPass generally involve:

  • Customers receive a call from an 888 number that tells them their LastPass account has been accessed from a new device and to press “1” to allow or “2” to block access.
  • Those who press “2” are told that they will receive a call from a LastPass representative to “close the ticket”.
  • The scammers then call the victim, usually using an American accent, saying they are a LastPass employee and that they will send them an email to reset account access. This email will contain a link with a shortened URL that takes them to a phishing site imitating LastPass.
  • If the victim then enters their LastPass master password to reset access, the threat actor will steal the credentials and lock them out of their LastPass account by changing details such as master password, email address, and primary phone number.

“We have worked with our vendor partners to take down the phishing site, and we are informing our customers so they can be on the lookout for future iterations of this campaign that may use the same tactics,” LastPass said.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.
