Overview
- LastPass and Bitwarden warned users on July 14–15 that phishing emails sent from addresses such as 'hello@lastpassnewsletter.com' and 'hello@bitwardennewsletter.com' direct recipients to fraudulent compliance sites.
- Security products including Microsoft Defender for Office 365 and Cloudflare flagged the domains lastpasscompliance[.]com and bitwardencompliance[.]com, and the reported fake landing pages were taken offline at the time of reporting.
- Both companies say their systems were not compromised and that the phishing messages did not originate from their infrastructure, and LastPass reminded users it will never ask for a master password.
- The malicious pages impersonated DocuSign, prompted users to download files, offered live chat, and asked for credentials, creating risk of master-password theft or malware installation.
- Users are advised to report suspicious messages to vendor abuse channels, change master passwords from trusted devices if they entered credentials, review vault activity, and always verify sender domains before clicking links.