'%3e%3cpath%20d='M0,0%20v30%20h60%20v-30%20z'%20fill='%23012169'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23fff'%20stroke-width='6'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23C8102E'%20stroke-width='4'%20clip-path='url(%23s)'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23fff'%20stroke-width='10'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23C8102E'%20stroke-width='6'/%3e%3c/g%3e%3c/svg%3e)
UK
%20--%3e%3cuse%20href='%23s'%20x='0'%20y='0'/%3e%3cuse%20href='%23s'%20x='494'%20y='0'/%3e%3cuse%20href='%23s'%20x='988'%20y='0'/%3e%3cuse%20href='%23s'%20x='1482'%20y='0'/%3e%3cuse%20href='%23s'%20x='1976'%20y='0'/%3e%3cuse%20href='%23s'%20x='2470'%20y='0'/%3e%3cuse%20href='%23s'%20x='247'%20y='210'/%3e%3cuse%20href='%23s'%20x='741'%20y='210'/%3e%3cuse%20href='%23s'%20x='1235'%20y='210'/%3e%3cuse%20href='%23s'%20x='1729'%20y='210'/%3e%3cuse%20href='%23s'%20x='2223'%20y='210'/%3e%3cuse%20href='%23s'%20x='2717'%20y='210'/%3e%3cuse%20href='%23s'%20x='0'%20y='420'/%3e%3cuse%20href='%23s'%20x='494'%20y='420'/%3e%3cuse%20href='%23s'%20x='988'%20y='420'/%3e%3cuse%20href='%23s'%20x='1482'%20y='420'/%3e%3cuse%20href='%23s'%20x='1976'%20y='420'/%3e%3cuse%20href='%23s'%20x='2470'%20y='420'/%3e%3cuse%20href='%23s'%20x='247'%20y='630'/%3e%3cuse%20href='%23s'%20x='741'%20y='630'/%3e%3cuse%20href='%23s'%20x='1235'%20y='630'/%3e%3cuse%20href='%23s'%20x='1729'%20y='630'/%3e%3cuse%20href='%23s'%20x='2223'%20y='630'/%3e%3cuse%20href='%23s'%20x='2717'%20y='630'/%3e%3cuse%20href='%23s'%20x='0'%20y='840'/%3e%3cuse%20href='%23s'%20x='494'%20y='840'/%3e%3cuse%20href='%23s'%20x='988'%20y='840'/%3e%3cuse%20href='%23s'%20x='1482'%20y='840'/%3e%3cuse%20href='%23s'%20x='1976'%20y='840'/%3e%3cuse%20href='%23s'%20x='2470'%20y='840'/%3e%3cuse%20href='%23s'%20x='247'%20y='1050'/%3e%3cuse%20href='%23s'%20x='741'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1050'/%3e%3cuse%20href='%23s'%20x='0'%20y='1260'/%3e%3cuse%20href='%23s'%20x='494'%20y='1260'/%3e%3cuse%20href='%23s'%20x='988'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1260'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1260'/%3e%3cuse%20href='%23s'%20x='247'%20y='1470'/%3e%3cuse%20href='%23s'%20x='741'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1470'/%3e%3cuse%20href='%23s'%20x='0'%20y='1680'/%3e%3cuse%20href='%23s'%20x='494'%20y='1680'/%3e%3cuse%20href='%23s'%20x='988'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1680'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1680'/%3e%3c/g%3e%3c/svg%3e)
USA
What to do if…
a password manager shows unexpected vault changes or missing entries
Short answer
Freeze changes and secure the password-manager account right away (log out other sessions, change the master password, enable MFA). Then recover the vault using history/trash/restore features from a clean device and document what you’re seeing.
Do not do these things
- Don’t start bulk-changing or deleting vault items — you may overwrite recoverable history.
- Don’t uninstall/reinstall the app or wipe your computer/phone yet — you could lose local vault data needed for restoration.
- Don’t “force sync” by repeatedly signing in on multiple devices — that can spread a corrupted/rolled-back vault state.
- Don’t use “support” links from emails/texts/ads or sponsored results — use in-app support or type the vendor’s address yourself.
- Don’t share screenshots that include recovery codes, one-time codes, or full account identifiers.
What to do now
-
Stop further vault changes.
Close the password manager on other devices (and, if needed, temporarily take them offline) so they don’t push/pull more changes while you secure the account. -
Secure the password-manager account from one trusted device.
- Review the password manager’s devices/sessions/security activity for unknown sign-ins.
- Sign out of all other sessions (or “log out everywhere”).
- Change the master password to a new, long passphrase.
- Turn on MFA for the password manager account (or confirm it’s still enabled).
- After MFA is stable, rotate recovery codes if the service provides them.
-
Make a quick evidence snapshot.
Write down or screenshot: the time you noticed, what’s missing, any “vault updated” prompts, device/session list, and alerts. This helps vendor support and any later reporting. -
Use built-in recovery features before you do anything else.
Look for trash, item history, previous versions, restore vault, sync conflict prompts, or account rollback options.- If it’s a family/work/shared vault, check whether another member/admin changed items and whether there’s an audit log.
-
Secure the two most common weak links: email + device.
Password managers are often reset via email and used on a primary device.- Secure the email account tied to the password manager (new password + MFA + review sign-in activity).
- Update OS/browser and run a reputable malware scan if anything feels off (unknown extensions, new admin tools, unexpected pop-ups).
-
Protect the highest-risk accounts first (small, focused list).
If compromise is possible, change passwords and enable MFA for:- your primary email, financial accounts, mobile carrier account, and Apple/Google/Microsoft account (anything that can reset other passwords).
Do this from a trusted device after locking down the password manager.
- your primary email, financial accounts, mobile carrier account, and Apple/Google/Microsoft account (anything that can reset other passwords).
-
Contact official vendor support if recovery isn’t clear.
Ask specifically about: unexpected vault version changes, rollback, missing entries, sync conflicts, and account access logs. -
If you lost money, had an account takeover, or shared sensitive data, use official U.S. reporting channels.
- For identity theft recovery steps, use IdentityTheft.gov (type it directly).
- For cyber-enabled crime/fraud reporting, file with the FBI’s IC3 (type ic3.gov directly and avoid lookalike sites).
Keep your documentation from steps 2–3.
What can wait
- You do not need to decide immediately whether to switch password managers.
- You do not need to rotate every single password right now — start with the “keys to the kingdom” accounts first.
- You do not need to factory-reset devices unless there are strong signs of compromise and simpler recovery/cleanup fails.
Important reassurance
Missing entries and unexpected vault changes can come from sync conflicts, device restores, shared-vault edits, or an account takeover — the first view can be misleading. Freezing changes and securing access first prevents the most common irreversible mistakes.
Scope note
These are first steps to stabilize the situation. If you confirm malware or an account takeover, you may need deeper cleanup (IT support, bank fraud team, or specialist incident response).
Important note
This is general information, not legal, financial, or professional security advice. If you’re actively losing money or accounts, contact your bank/card issuer promptly and use official reporting resources.