diff --git a/database/migrations/0011-login_user_backups_plug_holes.ts b/database/migrations/0011-login_user_backups_plug_holes.ts
new file mode 100644
index 000000000..08520996f
--- /dev/null
+++ b/database/migrations/0011-login_user_backups_plug_holes.ts
@@ -0,0 +1,19 @@
+/* MIGRATION TO CLEAN PRODUCTION DATA
+ *
+ * cleanup the login_user_backups table as far a possible.
+ * Since the passphrase changed and its type is not detectable
+ * this whole thing is a pitfall
+ */
+
+export async function upgrade(queryFn: (query: string, values?: any[]) => Promise<Array<any>>) {
+  // Delete data with no reference in login_users table
+  await queryFn(`DELETE FROM login_user_backups WHERE user_id NOT IN (SELECT id FROM login_users)`)
+  // Searching for users with a missing password and a backup entry
+  // `SELECT * FROM login_user_backups WHERE user_id IN (SELECT id FROM login_users WHERE password = 0)`
+  // results in only new users with the proper passphrase scheme - luckily we seem to be good on this one
+  // 142 entries in total are found and every entry has type 2 (new one).
+}
+
+export async function downgrade(queryFn: (query: string, values?: any[]) => Promise<Array<any>>) {
+  return [] // cannot undelete things
+}