![\"LastPass](\"https:\/\/www.europesays.com\/ie\/wp-content\/uploads\/2025\/10\/1761386349_883_960x0.jpg\")
<\/p>\n<\/p>\n
LastPass issues ‘Are You Dead?’ mater password hacking threat warning.<\/p>\n
SOPA Images\/LightRocket via Getty Images<\/p>\n
While your email account password is a primary target for hackers, as Gmail users<\/a> will be only too aware, with certain email attacks surging<\/a> as a result, there\u2019s only one password that can truly claim to hold the keys to your online kingdom. Yes, we are talking about your password manager master password. No wonder, then, that hackers will try anything to relieve you of it. LastPass, as one of the most popular password managers, is no stranger to these attempts. I\u2019ve already reported how, oh the irony, an email claiming that LastPass accounts had been hacked<\/a> was being used in one such phishing campaign. Now, LastPass itself has issued a warning to all users as it has identified an ongoing attack that exploits the password manager inheritance process to allow family members to access legacy user vaults. Here\u2019s what you need to know about the \u2018Are You Dead?\u2019 LastPass master password threat.<\/p>\n ForbesPayPal Users Warned \u2018Do Not Pay, Do Not Phone\u2019 As Attackers StrikeBy Davey Winder<\/a>The \u2018Are You Dead?\u2019 LastPass Master Password Threat Explained<\/p>\n As phishing lures go, asking a potential victim of a password hacking attack if they are dead would seem, at least on the surface, to be rather more ridiculous than most. However, the devil is always in the details. First, there\u2019s the fact that the email itself appears for all intents and purposes to come from a LastPass alerts email address. Then, there\u2019s the wording, which is cleverly constructed to grab your attention, perhaps because it is so bizarre. The subject line of \u201cLegacy Request Opened (URGENT IF YOU ARE NOT DECEASED)\u201d instills the necessary urgency, albeit the block capitals used should be a red flag, as no genuine organization would likely adopt such formatting. Then, the message body itself begins with: \u201cA death certificate was uploaded by a family member to regain access to the LastPass account XXXXXXXXXXXXX.\u201d<\/p>\n \u201cThe email goes on to include a statement that a live case has been opened and includes fabricated information regarding a supposed agent assigned to the case,\u201d LastPass warned<\/a> users, \u201cincluding an agent ID number, the date the case opened, and the case priority, all of which are false.\u201d<\/p>\n