Scannable-Evernote interaction

[frozwadowski 0]

I use Scannable (on iPhone) but not any other Evernote services.  My understanding from the app was that scanned documents were stored on the device for 30 days and then deleted.  But today I discovered that more than 300 scans over the past 6 years are in an Evernote "notebook" which appears to be in the cloud.  I was dismayed to learn this since some of the scans have personal and financial information.

I looked into this because last night  I got an email from Evernote telling me that my account had been accessed by a user I don't know.  On further checking I learned that this had happened about 65 times in the last three months!! This is bad news. I have upgraded my password and will go for two step authentication but that won't undo the damage done.

The point of this posting is three fold.  First to warn other users in my situation.  Second to ask if there is a way of setting up Scannable such that it does not automatically dump scans into an Evernote notebook. Or, better, to use Scannable without an Evernote account--which is what I thought I was doing until this morning.  And third to ask advice on what to do next--should I assume that  identity theft is coming down the pike?

 

[PinkElephant 8,117]

Open the App, Click on the 3 dots, choose settings.

• You can log out of Evernote there.
• You can enable or disable „Always save in EVERNOTE“
• In the „extended“ menu you can toggle „save last scan on this device (for 30 days)“ on and off.

There are several help pages available on the EN support pages, like these:

https://help.evernote.com/hc/en-us/articles/209125897-Scannable-Frequently-Asked-Questions
https://help.evernote.com/hc/en-us/articles/208430668

Your questions concerning Scannable are all answered in these help docs. In general it is advisable to read the documentation of an app before using it. IMHO the documentation for Scannable is pretty good, compared to other apps I use.

The warning is well placed, since each EN account typically contains personal information of all kind. So never reuse login data, always create unique, strong passwords for each app and service you use. I think because there are so many passwords, it is advisable to use a good password manager for this task. First it will create good passwords, second it will avoid duplicity, third a good one will scan the internet for breaches and warn you.

2 FA is a good idea wherever it is offered.

Concerning your personal situation there probably is a risk that a person has taken valuable information from your account and is trying to use it to his own advantage. You can make this harder by reviewing the status of your online life, and harden your account, user and password situation following the advise above. Most important are your mail accounts, because they can be used to reset the entry to many other services as well.

After having done these steps, you can google yourself from time to time to find out whether there is personal information about you from unknown sources, or looking like somebody build a second identity out of data stolen from your account.

Good luck !

[frozwadowski 0]

Thanks for the quick response. A few remarks:

I rechecked my Scannable app.  It not connected to Evernote and the option "Always save to Evernote" is greyed out. This is in fact how I recall setting it up.  

So what happened? I have been using Scannable constantly since 2013. But reviewing the Evernote notebook I see that my scans were saved there only during the 2-year interval (Oct 2017-Oct 2019).  I don't believe that I changed my settings during that period since (1) I was always reluctant to do this (2) there was no reason for me to change that attitude and (3) I would have remembered this, particularly since I would have had to change the settings twice--choosing "always save" in 2017 and then reversing that in 2019. It is more likely that a  glitch in the Scannable/Evernote caused a change in my settings. I wonder whether anyone else has encountered a similar problem.

Is there a way of informing Evernote about this? They would presumably want to know.

I agree with your general advice about passwords and 2FA and follow it. It is possible that I used a weak password for Evernote back in 2013 but this would not have bothered me because I didn't plan to use it and forgot that I even had an account. Cautionary note.

[PinkElephant 8,117]

No idea if the logic in Scannable has changed during the years. However because it is an autonomous app, it would probably have needed account data to save stuff in EN. Any app can store data in EN, by the share process. But this needs to be initiated by the user in any single case.

EN staff would probably say that storing it in EN is completely secure - as long as the account itself is not compromised.

Concerning security: There is a web site where you can check your e-mail against known breaches of internet companies. It can not cover everything, but if your e-Mail is listed you know it is probably traded in the dark net for abuse.

https://haveibeenpwned.com

[frozwadowski 0]

Agree about what EN staff would probably say, even if "completely" secure is a bold claim!  But my issue is not with the security of Evernote; it is with how my documents ended up on Evernote to start with. Perhaps I'll take it up with them directly, if I can find a way in.

Thanks for the link.  I had the breach information from other sources but with a lot less detail so I found this very interesting.