Jump to content
  • 0

Misleading "New login to Evernote" email warnings


Chris Lee

Idea

About once a month I get an email from Evernote with the subject "New login to Evernote".

The latest (today) is below. They all have the same format, just different locations and IPs. I am in the US and never use Android to access Evernote.

We noticed a new login to Evernote and wanted to make sure it was you. 
When: February 05, 2021 08:20:08 AM GMT+07:00 
Where: Jakarta Raya, Indonesia
IP Address: 125.161.130.131
Device/Browser: Evernote for Android 

Each time this occurs I have opened a support ticket and always get boilerplate, useless responses. I already have a strong password that is changed regularly. I have two-factor auth turned on. I check the Access History in my Evernote account and it never shows any access related to what is identified in the emails.

I wish Evernote would do something about this. It's needless notification if it's not accurate. And if it is accurate, then why is it not showing up in the Access History?

Any one else experience this?

  • Like 2
Link to comment

15 replies to this idea

Recommended Posts

  • 0
  • Level 5

Probably access was attempted and rejected, because you run good security.

The only way I know to get rid of it is to change your EN user name. This is no self service feature, I believe support can do this for you.

To check if the user name you use is in one of the myriads of security breaches at other services, you can look here:

https://haveibeenpwned.com

Link to comment
  • 0
  • Level 5

They could ...

Probably the best way to tell them this is by a support ticket. From experience they take security issues seriously, so probably it in their own interest to sound the alarm only when it is necessary.

I would still try to change the EN user as well, to take the account out of the permanent attacks. They might get lucky one day ...

  • Like 1
Link to comment
  • 0

I just had this exact same thing happen this morning. I have a unique, frankly unfriendly Evernote password + use 2-factor, and when I logged in there is no record of any nefarious activity in Evernote's Access History. This is worrisome because even if the email is automated and telling me about an access attempt (versus a breach) the lack of clarity is concerning. If I were hacking someone's account, I would clean up my own trail, too! 

I understand this community likely can't help with this, but I think it's important to document issues like this publicly for the Evernote team to be held accountable.

  • Like 1
Link to comment
  • 0

This same thing happens to me. I get this email once a month, but as "Chris Lee" says, you check your login history and nothing is there other than MY logins....so its very worrying i get this email but then in the app it doesn't show it.

Link to comment
  • 0
  • Level 5

You check, and see if an access was successful.

AFAIK the mails will as well be send when the access was tried, and failed (maybe after a number of attempts, don't know the details).

So instead of being worried, I would be happy that my account is safe when I don't find another device.

Why they try ? Because probably your user data is in one of the many breaches that happened in the past (not at EN, at other services). You can check here, and then try to change the critical userIDs.

Link to comment
  • 0
  • Level 5

Have you raised a support ticket? The problem was identified and supposedly fixed. Perhaps you have a serious issue or perhaps it is nothing to worry about. Support will be the way forward since these forums are primarily user to user.

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...