Jump to content

Hacked by someone with another IP address

Recommended Posts

Today, I opened up Evernote and was greeted with a screen saying I have reached my limit of 2 devices and that I was trying to add another one, making me remove one. This is odd because I only have 2 devices. Upon further inspection of my activity log, it seems an IP address under in Czech Republic using an Android device has reached into my account and made their access as my #2 device. This means while I am using device #1, they will be behind the scenes using my #2, looking at my notes. I am from Georgia, United States and I do not own any Android devices. 

I changed my password and enabled two-factor-verification. Can someone at Evernote please give me back one of my free device removals back and to make sure this account is removed from accessing my account after I changed my password? (I am worried that even though I changed my password, they are still in the device until they logged out. ) I did remove their account using my free removal one. 

It's funny because Evernote's Access History states "As part of our continuing efforts to improve security in Evernote, we are now sending an email notification when a login anomaly is detected." Yeah, Evernote.. Georgia, United States and Czech Republic are totally legit places to be considering the distances and definitely not "anomaly" at all. I guess Evernote got confused with Georgia, the COUNTRY. Maybe that explains why they thought Georgia and Czech Republic was reasonable. All jokes aside, I did not receive any e-mail notification when a login anomaly was detected. Spam did not have it either. 

If this is because of the ice storm in Texas and that there is a lack of technical support or security support due to it, then my heart goes out to the team, but this is still a huge security issue. Even those who use their platform for free have every right to privacy protection.  


Link to comment

Same thing happened to me on Monday AM. I live in North America, Time zone: GMT-5 and I couldn't access my Evernote Web account because I supposedly have reached the 2 devices limit. I checked my profile and saw that 12h before, an Android device from Malaysia was added to my account. I immediately removed it, changed my Evernote password, the email address I used to login as well,  and spent the whole morning changing my passwords on various websites. Why? Because I have been using Evernote for 10 years and there are tons of sensitive information in my account. Sure, they are encrypted but it is the same catchphrase for all my notes.

Anyway, migrating to a different platform!

PS: I knew something was fishing because exactly 12 hours before, I got a Spotify notification about a weird login from a different country. So, I know that my email address and password have been used accross different platform

I checked these 2 websites: https://haveibeenpwned.com/ and https://sec.hpi.de/ilc/, and sadly found out that my credentials were compromised despite Google Checkup and BitDefender Account Privacy saying the opposite.

Go figure!

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...