Jump to content

account hacked, deactivated, now another notification of a hack the next day


Recommended Posts

Hello,

I had my account hacked and have been changing passwords, started two factor authentication, etc -- only to continue to get notifications. So I decided to deactivate my account. I did this yesterday. Today, I receive another note that someone from Egypt (I live in CA) has logged in.  How is this possible if I deactivated my account? I try to log in , and evernote asks me to reactivate. So I  try to reactivate, but now my password doesn't work. Can anyone help me? I opened a new trial premium account, so I could open a helpdesk ticket today but apparently there are significant delays. Any thoughts or ideas would be appreciated.

Thanks!

C

Link to post
  • Level 5*

Hi.  You seem to have taken all necessary steps - it's difficult to see how any unauthorised access could still be possible.  Unfortunately Evernote Support are the only people with access to the account to carry out any checks so I'm afraid you'll have to wait for their response.  Meantime though if you have anything in your Evernote account that you really don't want anyone to have access to - and as soon as you can get access yourself - I'd suggest you find somewhere else to keep it!

If it's any consolation I don't know how accurate those 'access from Egypt' warnings are - some connections were flagged on my account that were supposed to come from India,  but I recognised the IP address as my own...  and I wasn't anywhere outside the UK.

  • Like 1
Link to post
  • Level 5

IPv4 addresses are in short supply. They were sold in large blocks in former times, and were roughly related to geographic regions. But today the stock is completely assigned, and companies start to deal with IPv4 they were able to liberate (for example by switching cable customers to IPv6). This may happen intra-company at one of the global,players, or by selling them. It may happen that IPv4 from a block that was sold to one country will be reused in another.

Another explanation (probably more frequent) is the use of VPN services by hackers. Because this can’t be separated from legitimate owners traveling to another place, it is not easy for a global service like EN to tell users and hackers apart.

  • Like 1
Link to post
  • 1 month later...
  • Level 5

I find this plainly not plausible, if I take EN alone. Changing a password is a 1:1 communication with the EN server, and 2FA is a short lived code that allows access for a brief period of time only.

If you have a larger security problem, it is however possible. There are trojan attacks to PCs that plant a whole set of malware on a computer (typically on a Windows PC, Macs and Linux are harder to crack). Among them are keyloggers (that record every key you type) and screen recorders (that grab your whole activity on the screen) that send this information to their control server. If you use an infected PC, and hackers really want to get into your account, it is possible that you send them the information they need every time you try to bump up security.

No way for me to see if this is true.

If I had a security issue and wanted EN to do something about it, I would use another device (like a phone, through mobile data connection, not the usual WiFi) to log into my account, go to support and send EN a support ticket about the security problem. Select „Account“ as ticket type, because EN will only allow this type of ticket for a Basic account.

And then I would the hell solve my security exposure, either myself or if I don’t know about it by professional assistance. Not cheap, but letting it continue is no alternative either.

Link to post
1 hour ago, PinkElephant said:

I find this plainly not plausible, if I take EN alone. Changing a password is a 1:1 communication with the EN server, and 2FA is a short lived code that allows access for a brief period of time only.

If you have a larger security problem, it is however possible. There are trojan attacks to PCs that plant a whole set of malware on a computer (typically on a Windows PC, Macs and Linux are harder to crack). Among them are keyloggers (that record every key you type) and screen recorders (that grab your whole activity on the screen) that send this information to their control server. If you use an infected PC, and hackers really want to get into your account, it is possible that you send them the information they need every time you try to bump up security.

No way for me to see if this is true.

If I had a security issue and wanted EN to do something about it, I would use another device (like a phone, through mobile data connection, not the usual WiFi) to log into my account, go to support and send EN a support ticket about the security problem. Select „Account“ as ticket type, because EN will only allow this type of ticket for a Basic account.

And then I would the hell solve my security exposure, either myself or if I don’t know about it by professional assistance. Not cheap, but letting it continue is no alternative either.

Okay well I'm not lying, and Evernote is the only thing this happens to, so no, I don't have a security problem. Also, I feel like I should clarify, since enabling 2FA, nobody has been able to actually get into my account. I just keep get text messages saying "your verification code is xxx." But obviously before this, people were able to get into the account and I'd have to log in and revoke their access. I've had EN since June, and I've been actually hacked 5 times (including after a password change) and twice with 2fa.

Link to post
  • Level 5*
2 minutes ago, disgruntled123 said:

I just keep get text messages saying "your verification code is xxx."

So someone knows your password and is trying to access your account
Update the password, and only use it on the Evernote service
Don't use the same password on other services

Link to post
  • Level 5

There are other threads here in the forum regarding security issues.

If you read them (the forum search will take you to them), you find a lot of background and advise.

Common issues: Reused or weak user and passwords, no 2FA, security breaches on other services where login data was extracted (not at EN itself). It is a known issue that even 2FA based on messaging (not on apps) has been breached in the past (again not at EN), by hackers tricking a phone company into issuing a new SIM card for the same phone number.

Finding out what happens in your case needs more details than can and should be disclosed in an open forum. And not knowing if you have a security issue does not mean you don’t have one - it just means you don’t know. I can just repeat you probably should involve EN support - how to is described in my post above.

And that is it.

 

Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...