I am unsure why, but most likely this comes through via some sort of exploit of a plugin a user has. I have seen email accounts disappear in cPanel users email accounts page. Yet their email functions fine. I found this article and it spoke a little about the issue:
https://support.cpanel.net/hc/en-us/articles/360052477034-Email-accounts-are-missing
I found it was easiest to lay it out. My example shows user anthony@vivithemage.com was not there, and this is how to restore it. If you have the passwd file or if you recall what the usernames of the email accounts should be, you can get them back showing in cPanel to modify them. This will show you what user had an email account:
[root@madhost613 vivithemage.com]# cat /home/vivithem/etc/vivithemage.com/passwd
anthony:x:671:673::/home/vivithem/mail/vivithemage.com/anthony:/usr/local/cpanel/bin/noshell
[root@madhost613 vivithemage.com#
Or you can pull it out from your email_accounts.json file:
[root@madhost613 vivithemage.com]# cat /home/vivithem/.cpanel/email_accounts.json
{"vivithemage.com":{"quota_mtime":1676555934,"disk_mtime":1676530335,"account_count":1,"shadow_mtime":1676555934,"accounts":{"anthony":{"suspended_login":0,"disk_mtime":1494927201,"diskused":"8041555","diskmtime":1676530335}}},"__version":3,"vivithemage.net":{"accounts":{},"account_count":0},"vivithemage.org":{"accounts":{},"account_count":0}}
[root@madhost613 vivithemage.com]#
now create a new shadow file in the correct directory and change ownership to the ACCOUNT. In my case it is:
cd /home/vivithem/etc/vivithemage.com/
chown vivithem:vivithem shadow
and dump this line in for EACH user missing:
anthony:$6$eGMpFjEJEI3349z3$.dhfm1rs/ftxFa8Rt8zs4yAA5dHCBdOb7P2T42Pwi/i5GpXb45BjoXiDccRbtmrwwoQkAHWF3mOwOouloYvvS1:18635::::::
If you have a second user with Elyssa you would now have this:
anthony:$6$eGMpFjEJEI3349z3$.dhfm1rs/ftxFa8Rt8zs4yAA5dHCBdOb7P2T42Pwi/i5GpXb45BjoXiDccRbtmrwwoQkAHWF3mOwOouloYvvS1:18635::::::
elyssa:$6$eGMpFjEJEI3349z3$.dhfm1rs/ftxFa8Rt8zs4yAA5dHCBdOb7P2T42Pwi/i5GpXb45BjoXiDccRbtmrwwoQkAHWF3mOwOouloYvvS1:18635::::::
replace anthony with your username missing from passwd. The hash following is irrelevant, because once you do this, you can change the password via cPanel as you would normally.
Once done this auto populates them in cPanel with no restarts required. It’s a bit of a manual process, but at least this way you can get back on with your life and reset passwords.