Search terms (Hacked)

[J Pih 1]

Hi

My account was accessed from Russia and Indonesia. I tried contacting support.

Please, tell me more search terms that were done in my evernote. I can only see 3 terms. Were there any modifications in my notes from those locations?

Please, help!

[gazumped 11,664]

Hi - see this thread:  

 

 

[J Pih 1]

I've seen that thread weeks ago. I've been trying to talk to support. I just want to know if it's possible for admins to see more than the last 3 search terms (I fully permit them) in my notes. I could only see that the hackers searched for the terms seed, phrase, and wallet, and I want to know what else did they target that I should be worried about.

[gazumped 11,664]

8 minutes ago, J Pih said:

I've seen that thread weeks ago. I've been trying to talk to support. I just want to know if it's possible for admins to see more than the last 3 search terms (I fully permit them) in my notes. I could only see that the hackers searched for the terms seed, phrase, and wallet, and I want to know what else did they target that I should be worried about.

Chat seems to be suspended for the time being and Support is pretty much buried by the feedback from their launch of v10.  If you have a ticket number we can flag your post for an admin to see if they can assist,  but I'd doubt it.  The problem with hacks is: they look exactly like the user - that being how they got in in the first place.  Other than checking for updates at particular times,  there's no way to see what are 'good' and 'bad' changes.

Don't know if this was in the thread above - What to do if you suspect unauthorized access to your Evernote account

[PinkElephant 8,103]

It is a known strategy that hackers try to get access to EN accounts, and search for Bitcoin wallets resp. related information. The search terms used are in line with this observation.

Hopefully you have safeguarded your account now to avoid any repetition of this attack. Most likely you did reuse your password from another service that was hacked before. Account data like this is circulating on the darknet and traded between hacker groups. With the necessary equipment and using scripts you can try to open and search thousands of accounts in a very short time. The hackers are probably only alerted if an account was successfully hacked and the search found one of the strings. Up to this point the whole attack runs on autopilot. This means it is not to steal other information, nor damage existing data.

This is my assumption from reports here in the forum - and no assurance they will not cause more damage. Every user has to make sure his own account is locked and safe, and stays this way. The tools are known: Unique, strong passwords and activated 2-factor-authentication.

[J Pih 1]

I haven't made any searches in the notes for years and I haven't made any after the hacking. That's how it's clear which ones are me and which are not.

I have a ticket up, but they stopped responding.

[J Pih 1]

3 minutes ago, PinkElephant said:

It is a known strategy that hackers try to get access to EN accounts, and search for Bitcoin wallets resp. related information. The search terms used are in line with this observation.

Hopefully you have safeguarded your account now to avoid any repetition of this attack. Most likely you did reuse your password from another service that was hacked before. Account data like this is circulating on the darknet and traded between hacker groups. With the necessary equipment and using scripts you can try to open and search thousands of accounts in a very short time. The hackers are probably only alerted if an account was successfully hacked and the search found one of the strings. Up to this point the whole attack runs on autopilot. This means it is not to steal other information, nor damage existing data.

This is my assumption from reports here in the forum - and no assurance they will not cause more damage. Every user has to make sure his own account is locked and safe, and stays this way. The tools are known: Unique, strong passwords and activated 2-factor-authentication.

Thanks for the insight. The worst thing I could do now is change my password. They shouldn't have gotten into the account since they're in different continents.

[J Pih 1]

16 minutes ago, gazumped said:

Chat seems to be suspended for the time being and Support is pretty much buried by the feedback from their launch of v10.  If you have a ticket number we can flag your post for an admin to see if they can assist,  but I'd doubt it.  The problem with hacks is: they look exactly like the user - that being how they got in in the first place.  Other than checking for updates at particular times,  there's no way to see what are 'good' and 'bad' changes.

Don't know if this was in the thread above - What to do if you suspect unauthorized access to your Evernote account

They did not look like me. They logged in from different continents.
I don't know how you could do it but here is the ticket number : #3178255
Thanks for the help guys. I just need an admin to look at my search terms now. That's all.
Admins, please help!

[J Pih 1]

If anyone knows of a way to see the search terms by myself please tell me

[gazumped 11,664]

9 minutes ago, J Pih said:

I don't know how you could do it but here is the ticket number : #3178255

Like Xena,  I have many skills .  I flagged you for an Admin to take a look - again,  they're very busy so it might take a day or two...

[J Pih 1]

1 minute ago, gazumped said:

Like Xena,  I have many skills .  I flagged you for an Admin to take a look - again,  they're very busy so it might take a day or two...

Thank you. I appreciate it. I could wait, even though I've been waiting for quite some time, so I hope I don't get blackmailed all of a sudden or find out there were digital keys in my notes that I haven't sorted out (I have a bazillion note).

[eric99 980]

3 hours ago, J Pih said:

Thanks for the insight. The worst thing I could do now is change my password. They shouldn't have gotten into the account since they're in different continents.

and activate two-factor authentication, then nobody can access your account from a foreign device, not even your neighbor. So, the tools are there, just use them...

[PinkElephant 8,103]

2 hours ago, J Pih said:

Thanks for the insight. The worst thing I could do now is change my password. They shouldn't have gotten into the account since they're in different continents.

If you do not change your password NOW, your account continues open for those who obviously have your current password.

You don’t seem to know much about how the internet works. If I want to relocate my point of access right now, I connect to my VPN provider, choose a server and - Boooom - I am now in Australia. I have not left my sofa, but virtually I relocated with a few mouse clicks to down under. Geolocation is NOTHING, anybody can do this, and hackers do it for sure, because they don’t want to be found !

Furthermore (at least when travel was still open) if you have 200 Million users, hundreds of thousands or even millions of them will be traveling at any given time. They will not announce this to EN: On business from Europe to China, stopover in Dubai, shopping weekend in Singapore on the way, and after the negotiations a few days on the beach in Bali. And yes, going to EN from each and every stop. WTF do you think would happen if each user would have to clear every step in life with EN support, always explaining that, yes, it’s me, really, just on the move again.

So again, reset your PW to one that is strong and unique to EN, and after you did go and activate 2FA. Or live with the consequences of leaving the same door open that the thief’s have already used.

[J Pih 1]

4 hours ago, eric99 said:

and activate two-factor authentication, then nobody can access your account from a foreign device, not even your neighbor. So, the tools are there, just use them...

There were no 2FA when I first made the account, and it was a new account for my PC so it neither was as apparent or as smooth as on a phone to have 2FA. Email verifications for new locations were the norm, especially for PC.

 

2 hours ago, PinkElephant said:

If you do not change your password NOW, your account continues open for those who obviously have your current password.

You don’t seem to know much about how the internet works. If I want to relocate my point of access right now, I connect to my VPN provider, choose a server and - Boooom - I am now in Australia. I have not left my sofa, but virtually I relocated with a few mouse clicks to down under. Geolocation is NOTHING, anybody can do this, and hackers do it for sure, because they don’t want to be found !

Furthermore (at least when travel was still open) if you have 200 Million users, hundreds of thousands or even millions of them will be traveling at any given time. They will not announce this to EN: On business from Europe to China, stopover in Dubai, shopping weekend in Singapore on the way, and after the negotiations a few days on the beach in Bali. And yes, going to EN from each and every stop. WTF do you think would happen if each user would have to clear every step in life with EN support, always explaining that, yes, it’s me, really, just on the move again.

So again, reset your PW to one that is strong and unique to EN, and after you did go and activate 2FA. Or live with the consequences of leaving the same door open that the thief’s have already used.

Did you try to think of a point I might have in saying I can't change the password right now other than what you thought? or is your superiority complex too big for you to notice it?

"You don't seem to know much about how the internet works...." VPN servers can be blacklisted by Evernote's login server(s) even if they had dedicated and fresh IPs using a now-conventional IP activity pattern AI. Also the hackers don't have my login locations on Evernote or anything else to know which location they should set themselves to, so you did not even need to know the technicalities of it to realize that. All you needed for your journey to start knowing is realizing that you know absolutely BS. It opens up the mind. Try it.

"There's this new fancy thing called VPN! That's how the internet works these days! I can change my location! :3" Pepega

Furthermore one-time email verification codes and automatically trusted locations thereafter. One more time, sit.

Someone just told me that most, but not all, people on here are people who are working towards being in Support. And that you yourself are friends with Support, but I don't know. Even though this is where you hangout with your friends I'm not completely sure you are friends with Support. You could be.

So again, try to deal with yourself before attempting to take your frustrations on someone who might turn out to be the opposite of what you thought you could aggressively flex on.

[PinkElephant 8,103]

Just one thing: You got yourself hacked, not me ...

[J Pih 1]

Resorting to only pointing out to the other's misfortunes signals admission of defeat. Your bandaging upvotes are on the way.

[PinkElephant 8,103]

I just pointed out that if I read your own words you did not manage to secure your account. Something like this does not „happen“ without making it possible, by mistake or neglect.

Following your enthusiastic argument that everything would be o.k. while following your own words the door is still open, I bow to that superior logic.

If I were a hacker, an open EN account would be an invitation for a nice virtual identity theft.

But maybe they were only after bitcoin, and ruining your day is below their target ransom.

[CalS 5,280]

6 hours ago, J Pih said:

I have a ticket up, but they stopped responding.

Didn't know you could submit a ticket as a Basic subscriber, perhaps your avatar needs updating by EN.

6 hours ago, J Pih said:

The worst thing I could do now is change my password

Why would that be?  Seems the quickest path to stop the bleeding.  Or before whoever they are do it for you.

6 hours ago, J Pih said:

They shouldn't have gotten into the account since they're in different continents.

Not clear what difference it makes where whoever got your credentials was when they used them other than new location check which I am not sure EN has?

6 hours ago, J Pih said:

If anyone knows of a way to see the search terms by myself please tell me

What would you differently with the search knowledge as opposed to just taking the usual steps based upon whatever information might have been compromised?  It is already after the fact and they could have scanned note titles as well based upon tag or notebook names (though not likely).  Times a wasting if you had any sensitive data in your notes.

Getting hacked sucks but not clear to me how explicit knowledge of searches is going to help much.  No guarantee that answer will be all inclusive of exposure.  Assume the worst and address it would be my advice.

 

[J Pih 1]

23 minutes ago, PinkElephant said:

I just pointed out that if I read your own words you did not manage to secure your account. Something like this does not „happen“ without making it possible, by mistake or neglect.

Following your enthusiastic argument that everything would be o.k. while following your own words the door is still open, I bow to that superior logic.

If I were a hacker, an open EN account would be an invitation for a nice virtual identity theft.

But maybe they were only after bitcoin, and ruining your day is below their target ransom.

You don't make sense. You're also claiming that I've said things that I have not. You have a problem in your fundamental assumptions.
"argument that everything would be o.k" Lol

 

 

24 minutes ago, CalS said:

Why would that be?  Seems the quickest path to stop the bleeding.  Or before whoever they are do it for you.

It's a bit complicated. You can DM me if you still want to know.
 

27 minutes ago, CalS said:

Not clear what difference it makes where whoever got your credentials was when they used them other than new location check which I am not sure EN has?

That's my point. One would think EN must have those. I was surprised recently.
 

30 minutes ago, CalS said:

What would you differently with the search knowledge as opposed to just taking the usual steps based upon whatever information might have been compromised?  It is already after the fact and they could have scanned note titles as well based upon tag or notebook names (though not likely).  Times a wasting if you had any sensitive data in your notes.

Getting hacked sucks but not clear to me how explicit knowledge of searches is going to help much.  No guarantee that answer will be all inclusive of exposure.  Assume the worst and address it would be my advice.

I'm doing what I can to secure all the subjects of my notes, but there's just a LOT. There's so many things in there that I might not get to see every important little thing even if I make it my day job for the next few months. I might have already secured everything that I should, but being 100% sure would need months. So knowing exactly what was looked for would definitely be great knowledge to accelerate me to an effective speed.

[CalS 5,280]

29 minutes ago, J Pih said:

I'm doing what I can to secure all the subjects of my notes, but there's just a LOT.

You know your circumstances better than any of us.  Me, I try to keep it simple.  I'd change passwords for any site which might be compromised by the hack.  Though not sure of what I have in synced notes would qualify for that, no passwords or confidential stuff therein.  Somebody sees my utility bill I'm not going to get too flustered.  Good luck.

[J Pih 1]

4 minutes ago, CalS said:

You know your circumstances better than any of us.  Me, I try to keep it simple.  I'd change passwords for any site which might be compromised by the hack.  Though not sure of what I have in synced notes would qualify for that, no passwords or confidential stuff therein.  Somebody sees my utility bill I'm not going to get too flustered.  Good luck.

The digital keys and passwords and so on are not what I'm worried about the most. Thanks. Good luck to you too.