What to do if…
a password manager shows unexpected vault changes or missing entries
Short answer
Stop making changes and secure the password-manager account first (sign out other sessions, change the master password, turn on two-step verification). Then work from a clean device to recover the vault (history/trash/restore) and capture what changed.
Do not do these things
- Don’t start mass-editing passwords or deleting entries “to tidy up” — you can overwrite evidence and make recovery harder.
- Don’t uninstall/reinstall the password manager or wipe your device yet — you may lose local vault data needed to restore.
- Don’t keep logging in/out on multiple devices trying to “force sync” — that can spread a bad sync state.
- Don’t reuse your master password anywhere else, and don’t share it (or recovery codes) with anyone.
- Don’t click “support” links from emails/messages or sponsored results — use in-app help, or type the vendor’s address yourself.
What to do now
- Pause syncing changes (reduce further damage).
  Stop editing the vault. Close the app on other devices. If needed, temporarily take other devices offline so they don’t push/pull more changes while you stabilise.
- From one trusted device, secure the password-manager account.
  - Check the password manager’s security/devices/sessions page for unknown devices or recent logins.
  - Sign out of all other sessions (or “log out of all devices”).
  - Change the master password immediately to a new, long passphrase.
  - Turn on 2-step verification (2SV) for the password manager account (or confirm it’s still on).
  - If the service provides recovery codes, generate new ones after securing access (old ones may be exposed).
- Create a “do-not-touch” snapshot for later (quick record).
  Take screenshots or notes of: the date/time you noticed, what’s missing, any “vault updated” messages, device list/logins, and any alerts. This helps if you need vendor support or later reporting.
- Check for built-in recovery inside the password manager.
  Look for trash/archived items, item history, vault restore, previous versions, or sync conflict prompts.
  - If it’s a shared/family/work vault, check whether another member made changes and whether there’s an admin/audit trail.
- Secure the most common reset route: your email account.
  Secure the email account used for the password manager: change the email password, turn on 2SV, and review account sign-in activity.
- Check whether a device issue is driving the changes.
  Install pending OS/browser updates. If something seems off (unknown extensions/apps, repeated pop-ups, unexpected “device management” prompts), run a reputable security scan and consider getting hands-on IT help before you do broad password resets.
- Prioritise a small set of high-impact accounts first.
  If compromise is possible, change passwords (and enable 2SV) for:
  - your email, banking, mobile network account, main Apple/Google/Microsoft account, and anything that can reset other passwords.
  Do this from your trusted device after you’ve secured the password manager account.
- Get vendor support if anything doesn’t add up.
  Use the password manager’s official support and ask specifically about: unexpected vault version changes, rollback, sync conflicts, missing entries, and account access logs.
- If money was stolen or you were defrauded, report it through UK channels.
  Use Report Fraud (the UK service for reporting cyber crime and fraud). If you live in Scotland or it happened there, report via Police Scotland (101).
What can wait
- You do not need to decide today whether to switch password managers.
- You do not need to change every password immediately — focus on securing the password manager and the most sensitive accounts first.
- You do not need to factory-reset devices unless there are strong signs of compromise and simpler steps fail.
Important reassurance
This can happen from a benign sync conflict, an accidental shared-vault edit, a device restore, or an actual account compromise — and it often looks the same at first. Taking a calm “freeze changes, secure access, then recover” approach gives you the best chance of getting data back and preventing further loss.
Scope note
These are first steps to stabilise and prevent irreversible mistakes. If you confirm an account takeover or malware, you may need deeper incident response (IT support, bank fraud team, or specialist cyber help).
Important note
This is general information, not legal, financial, or professional security advice. If you believe a crime is in progress, you’re at immediate risk, or you’ve lost money, use official reporting and your bank’s fraud channels promptly.
Additional Resources
- https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/password-managers
- https://www.ncsc.gov.uk/guidance/setting-2-step-verification-2sv
- https://www.ncsc.gov.uk/guidance/recovering-a-hacked-account
- https://www.reportfraud.police.uk/
- https://www.gov.uk/government/news/report-fraud-new-service-from-city-of-london-police