Account breached/hacked

[Samie 0]

When I logged into my account recently, I was informed I would have to upgrade because I had too many devices on my account.  I have my laptop and iPad.  Checked to see what this is all about and to my shock, it showed an Android phone was listed on my account!  I immediately deleted it.  

What is really alarming, I recently had two different credit cards compromised on the same day.  Could the Android have gotten beyond my Evernote account?  In researching further, I discovered my account was accessed from in Sept. and Oct. from Iran, etc. (see attached file)

How could this happen?  Feeling extremely insecure with your product.

[gazumped 11,639]

Hi.  There are several threads on this Forum dealing with 'phantom' access to the account - usually via your user name and password sourced from another account breach online.  If Evernote is given the right credentials for access it doesn't have any way to trace that you're not elsewhere in the world.  There are several ways to protect yourself - check for breaches here https://sec.hpi.de/ilc/?lang=en or  https://haveibeenpwned.com/ 

-and-

https://help.evernote.com/hc/en-us/articles/115004395487-What-to-do-if-you-suspect-unauthorized-access-to-your-Evernote-account 

[PinkElephant 8,048]

9 hours ago, Samie said:

What is really alarming, I recently had two different credit cards compromised on the same day.  Could the Android have gotten beyond my Evernote account?  In researching further, I discovered my account was accessed from in Sept. and Oct. from Iran, etc. (see attached file)

How could this happen?  Feeling extremely insecure with your product.

My feeling is you should feel insecure with your use of accounts and passwords.

EN has not been breached (it has appr. 200 Million users, there would be reports if anything like this happened). But probably you use the same login for different accounts. When one of them gets breached, you expose all the others. It is known that hackers buy files with stolen credentials, put them into a database and test them automatically against all sorts of accounts. When one of them opens, the hacker gets an alert and takes a look.

The different places are the result of the bad guys cloaking their real location. They could sit in the apartment next to yours, but by using VPN technology they can move their virtual location elsewhere.

To make EN secure, change your password and activate 2FA, then deauthorize all devices that are not yours.

For all other accounts, get yourself a good password manager, and change ALL login credentials. Each service needs a good, strong and unique (!) password. Start with your mail accounts, because they are used to set back other services. Then everything connected with money (banks, online shopping etc.), then the rest. Wherever it is offered, activate 2FA as well.