Misleading "New login to Evernote" email warnings

[Chris Lee 7]

About once a month I get an email from Evernote with the subject "New login to Evernote".

The latest (today) is below. They all have the same format, just different locations and IPs. I am in the US and never use Android to access Evernote.

We noticed a new login to Evernote and wanted to make sure it was you. 
When: February 05, 2021 08:20:08 AM GMT+07:00 
Where: Jakarta Raya, Indonesia
IP Address: 125.161.130.131
Device/Browser: Evernote for Android 

Each time this occurs I have opened a support ticket and always get boilerplate, useless responses. I already have a strong password that is changed regularly. I have two-factor auth turned on. I check the Access History in my Evernote account and it never shows any access related to what is identified in the emails.

I wish Evernote would do something about this. It's needless notification if it's not accurate. And if it is accurate, then why is it not showing up in the Access History?

Any one else experience this?

[PinkElephant 8,188]

Oh, you prefer a service that will not notify you about attempts of entering your account.

OK, fine with me, your choice.

Others would likely see if they want to change their password, or enable 2FA if not yet active. That would be the natural reaction for me if I would receive such a notification. Usually it means the user name is circulating in the dark net - other services may be exposed as well.

[John in Michigan USA 129]

It's been a while but yes, I do remember getting a few notices like these that did not have a corresponding entry in Access History.

[PinkElephant 8,188]

Probably access was attempted and rejected, because you run good security.

The only way I know to get rid of it is to change your EN user name. This is no self service feature, I believe support can do this for you.

To check if the user name you use is in one of the myriads of security breaches at other services, you can look here:

https://haveibeenpwned.com

[Chris Lee 7]

If this was only an unsuccessful attempt to log into my account, then Evernote should change the text of the email notification to be more accurate and informative and less inflammatory. 

[PinkElephant 8,188]

They could ...

Probably the best way to tell them this is by a support ticket. From experience they take security issues seriously, so probably it in their own interest to sound the alarm only when it is necessary.

I would still try to change the EN user as well, to take the account out of the permanent attacks. They might get lucky one day ...

[Chris Lee 7]

I've made that suggestion in every ticket I've opened.

Maybe they'll pay attention some day.

[Lindsay is annoyed 1]

I just had this exact same thing happen this morning. I have a unique, frankly unfriendly Evernote password + use 2-factor, and when I logged in there is no record of any nefarious activity in Evernote's Access History. This is worrisome because even if the email is automated and telling me about an access attempt (versus a breach) the lack of clarity is concerning. If I were hacking someone's account, I would clean up my own trail, too! 

I understand this community likely can't help with this, but I think it's important to document issues like this publicly for the Evernote team to be held accountable.

[bdh18 0]

i just got this email warning today...I've also received a few in the past...today's is what got me here...if it's BS...I really do t want to change my passwords,  etc if unnecessary 

[PinkElephant 8,188]

You can see if there was an access in your account settings. There is an access history.

Beside setting a strong and unique password, you can build another barrier by enabling 2FA.

[Knivez 6]

This same thing happens to me. I get this email once a month, but as "Chris Lee" says, you check your login history and nothing is there other than MY logins....so its very worrying i get this email but then in the app it doesn't show it.

[PinkElephant 8,188]

You check, and see if an access was successful.

AFAIK the mails will as well be send when the access was tried, and failed (maybe after a number of attempts, don't know the details).

So instead of being worried, I would be happy that my account is safe when I don't find another device.

Why they try ? Because probably your user data is in one of the many breaches that happened in the past (not at EN, at other services). You can check here, and then try to change the critical userIDs.

https://sec.hpi.de/ilc/?lang=en

https://haveibeenpwned.com/

https://cybernews.com/personal-data-leak-check/

[Chris Lee 7]

This cannot be explained away. It is broken and needs to be fixed. 

[PinkElephant 8,188]

We agree to disagree.

Have a nice day !

[Chris Lee 7]

Do whatever you want. 

[Lauren Schwaar 0]

For anyone else reading this thread, I too have had this happen regularly (in the weekly/biweekly range) for the past few months. I also have two-factor verification settings in place and I feel similarly that it's a problem worth noting/fixing.

-LS

[agsteele 2,956]

Have you raised a support ticket? The problem was identified and supposedly fixed. Perhaps you have a serious issue or perhaps it is nothing to worry about. Support will be the way forward since these forums are primarily user to user.

[Filotte 1]

This happened to me this morning. During the night someone apparently logged into my account from Mexico - I'm in Denmark. Sheer and utter panic here... changing passwords and usernames on several websites, as I save them in EN (nothing that could ruin my life, but simply cause a lot of hassle...). 

Then I discovered the account activity log and the entry about login from Mexico is not on the list!

Very annoying! Seeing that this thread was started over a year ago, I reckon they didn't fix this problem. I'm contacting EN support about this now.

[PinkElephant 8,188]

Where is your problem ? 

If you read through the thread, it may well be that a violent attempt to access your account failed - but still alerted the watchdogs. So, the dogs were barking, and you lost some sleep. You prefer the dogs were not barking, and instead of sleep you lost data, or even access to your account ?

Read my lips: There-Is-No-Problem . Just good security routines by EN. And good routines need no „fix“.

Changing a password from time to time is no bad training after all. If you had enabled 2FA before you could even change PW without the panic part. Cracking a good password plus 2FA is less likely than shooting an arrow with a longbow in the rain at midnight, trying to hit a specific raindrop.

[Peter Wolf 0]

You can be smart and try forcing your belief to other people but that doesn't change the fact some of us simply just think differently.

I only received the first similar email this morning, but it straight made me wanna leave Evernote and find an alternative for my needs.

If the company is stupid enough to let it's users leave them behind because of a small (or major, depending on who you ask) spelling error (by making us panik and spend time with research just to make sure if it was a real threat or not...) then I don't know what to say.

I think if someone will raise a ticket in the future that highlights the fact they're losing customers because of this, they might think differently about the issue.