Security breach in Evernote?

[reyaaz 0]

When I tried to login on my phone, Evernote was asking, if I wanted to discard any of the 2 devices on my account - my laptop and an iphone.

I don't have an iphone.

I've now changed my password.

Further suggestions,  please. 🤔

 

Thanks

[DTLow 5,736]

8 hours ago, reyaaz said:

When I tried to login on my phone, Evernote was asking, if I wanted to discard any of the 2 devices on my account - my laptop and an iphone.

Someone logged in with your userid/password; probably obtained from a less secure web site

An important practice is to only use the new password for Evernote     
Don't use the same password at other sites

[PinkElephant 8,114]

You can always go to the EN web client with a browser. This is never counted as a device.

Do this, and check the access history. You can see which device logged in, and from where.

It is a know issue that hackers who use passwords they got from other breaches hide themselves behind an iPhone signature. The access is from a computer, and from a different location (oh, the wonders of using a VPN ...).

Change your password, and this time do not use a recycled one, used on other services, or easy to guess (like a small variation of another PW).

Get yourself a PW manager, and use 2FA for further hardening of your EN account.

Edit: Since Oct 1st, 2020 the WebCklient is counted as a device as well. This is relevant for Basic accounts.

[Paul A. 621]

11 hours ago, reyaaz said:

When I tried to login on my phone, Evernote was asking, if I wanted to discard any of the 2 devices on my account - my laptop and an iphone.

I don't have an iphone.

I've now changed my password.

Further suggestions,  please. 🤔

 

Thanks

I suggest you do a security checkup on your account. Evernote doesn't have an "all in one" security checkup option so you have to click on a few different options from your account summary (https://www.evernote.com/Settings.action), but I have provided direct links to each section below:

Review your access history for any suspicious logins: https://www.evernote.com/AccessHistory.action

Review your active devices: https://www.evernote.com/Devices.action

Review your authorized applications: https://www.evernote.com/AuthorizedServices.action

Review your connected services: https://www.evernote.com/ConnectedServices.action

Deactivate or revoke all devices, applications, or connected services unless you are certain that it's your own device. (If you deactivate or revoke erroneously, you'll simply have to log back in, so better to revoke access if you're not sure.)

Make sure the password you use is unique (i.e. not shared with other web sites) and not easily guessable. Turn on two-factor authentication: https://www.evernote.com/secure/SecuritySettings.action

 

Here's the Evernote help article of steps to take if you suspect a breach, which basically says the same as above:

https://help.evernote.com/hc/en-us/articles/115004395487

 

Good luck.

[Kailence 0]

Just received an email last night that my account was logged into in Russia. No, not me. When I checked my account I see that since September 2020 there have been 8 international log ins. My account has been pretty well dormant since 2015. Why I only received an email last night about the suspicious activity when it's been going on for months is beyond me.

[whatevernote333 0]

Kailence  the same thing happened to me. Got an email today about an access from China, and when I've looked into the session history, I saw around 10 logins from countries like China, India, Vietnam, etc.
Luckily my account was also dormant for more than 6 years, and I'm sure as hell I will stay away from this service in the future.

This could've only happened if they had a breach and if they're storing the passwords in plain text - which they are apparently.

 

[Paul A. 621]

On 11/9/2020 at 1:10 PM, whatevernote333 said:

Kailence  the same thing happened to me. Got an email today about an access from China, and when I've looked into the session history, I saw around 10 logins from countries like China, India, Vietnam, etc.
Luckily my account was also dormant for more than 6 years, and I'm sure as hell I will stay away from this service in the future.

This could've only happened if they had a breach and if they're storing the passwords in plain text - which they are apparently.

 

Isn't it just as likely that you re-used your Evernote password elsewhere, another site was cracked, and someone used those cracked passwords to log into your Evernote account looking for sensitive information that they could use? You can check here if your email address has been involved in a breach:

https://haveibeenpwned.com/

[RacingGoat 22]

3 hours ago, Paul A. said:

Isn't it just as infinitely more likely that you re-used your Evernote password elsewhere

Fixed that for you.

[PinkElephant 8,114]

@Kailence @whatevernote333 Easy to fix:

• Change your PW - use this time one that is unique to your EN account plus strong enough (there are several ways to create strong passwords, just pick your choice)
• Set up 2-FA for even better security
• Since bad habits probably were reused as your passwords, don’t forget to apply the same measures to all other accounts. Start with your mail accounts, since they are used to reset others, continue with everything related to money or online shopping, and then all the rest.

Be happy it happens now, because we should all stay at home, and weather is dreadful anyhow. So you have all the time in the world to clean up your digital mess life. Say „booooh“ to these guys in Russia and China !

Special thanks to @Paul A. @RacingGoat 👏

[Sayre Ambrosio 520]

On 9/22/2020 at 5:19 PM, PinkElephant said:

You can always go to the EN web client with a browser. This is never counted as a device.

Do this, and check the access history. You can see which device logged in, and from where.

It is a know issue that hackers who use passwords they got from other breaches hide themselves behind an iPhone signature. The access is from a computer, and from a different location (oh, the wonders of using a VPN ...).

Change your password, and this time do not use a recycled one, used on other services, or easy to guess (like a small variation of another PW).

Get yourself a PW manager, and use 2FA for further hardening of your EN account.

Just a heads up that this is no longer accurate. The web app now counts as a device and will count against those who are allowed only two.

[PinkElephant 8,114]

Yes, this was changed by EN around October 1st. Have placed a remark as an edit.

Thanks for the heads up.

[ssood2 0]

I faced the same issue and lost around 10k USD in cryptocurrencies because of that. I used to rely on evernote since a long time and I always thought that based on my recent activity, if someone tries to access my account from another country they will always ask to verify via email even without 2FA like Google or other websites do.

but I just received an alert email at 4 am that my account was accessed from Cyprus (which is quite far from where I live and have never been there) and by 4:30 am all my cryptocurrencies were stolen because it had the password to my ethereum wallet.

Such a poor security measure by such an important service. Never relying on Evernote again.