Phantom access or hack

Is there a way to know if someone "phantom" accessed or hacked an account? I just got an e-mail that someone had access to my EN. This was the only time I received an e-mail reporting about such an issue; however, there are plenty of logins listed on the Privacy / Access History page, and none of those was me.


  • Level 5

You have answered your own question: Go have a look at the access page in your account information. If there is more than your own access, you have had a visitor.

First change your password. Never reuse passwords, pick a new, unique and strong one. Then unsync any unknown devices. Then if possible activate 2FA.

Probably you are reusing passwords on other accounts as well. It is time to change that - many accounts don’t have an access history to see what’s happening. I use a password manager to generate and keep track of all these logins. Get one, and change them all.

  • 4 months later...

I think that network security is one of the most essential points. We have to be very careful in this digital world. Having a sound network security system is fundamental to keep your personal information unphotographed, private, and secure. If we let some people get access to our personal information, they could do anything they want with it. That means not just thinking about protecting your data but also making tough decisions about who to share it with and how. That's why I hired a security specialist to help me with this question.

  • 2 weeks later...

I have had an access from another part of the world from Evernote for iOS, and I have Android. Please help me. Is it a bug? I am worried because I have important files on it. Is there a mail address for security for Evernote? Thanks so much for help!

  • Level 5

If you are a subscriber, you can contact support. If not, not.

First thing, secure your account: immediately change your password to a strong and unique one. This already locks out whoever may try to access it.

Then go to account settings, tab devices and revoke access for any unknown device.

If you want better security in the future, enable 2FA.

Probably you are reusing your passwords. Then other services may be in danger as well. Every single service needs a strong and unique password as well. Get yourself a password manager and change all passwords to any important service you use, starting with email, banking and social networks, then everything that is linked to online purchases.

  • Level 5

Check the time - maybe it was yourself.

The IPv4 address and the location based on it are only rough estimates. I have been travelling recently (inside of Germany) and got some rare accesses. But it was simply the IP routing that showed a strange location, the date and time of the access was myself.

If you have 2FA enabled, you will get an SMS on every access try. This gives you a good control over what is going on. Without the code in the message the account stays locked.

SO - I have the same issue as those outlined above with the access from other countries, and luckily I did not have any sensitive information stored on my account. I changed my password and set up two factor authentication (which quite frankly when I set my account up many, many years ago I don't recall as an option, and I have not used my EN account for several years, so it wasn't front of mind). 

I removed access for the unauthorized devices (how was I not informed of those?).

Then today I get an email with spam/phishing that is from MYSELF using both my Evernote address and my secondary address on EN as the sender! So, I guess since they couldn't get any personal data they just stole my email identity?

I've changed my password, set up 2-factor, etc., how are they still using my email? I went ahead and reset my Evernote email and changed the other email on my EN account. Will they still be able to use those email accounts?

I have so many notes, etc. on the EN account, but would rather NOT spend forever exporting them one by one - I'm ready to just delete my EN account and let it all go - none of it is critical even though I'd like to keep it.

Edit - I did find I had uploaded a phone bill and a paycheck stub back in 2015 - not sure if the hackers accessed that information by downloading the attachments. Wow. I wish those foreign access events had been flagged or prevented somehow.

Edited by CG5
  • Level 5

Are you sure it is only your EN account that got compromised?

If you use your email address as account ID for EN, they know it because they used it to access your account. Not a big surprise.

It is pretty easy to falsify the sender of an email, so the real sender can be replaced by the mail address taken from the account. You can check whether your login data shows in one of the many internet breaches that have happened in the past years (not at EN) here:

Besides this I would make sure that my computer is not compromised. Since malicious software got pretty good at cloaking itself, the best way is to download a virus scanner to a USB stick, together with a small OS. Then start the computer from this stick and perform a full system check. It will take several hours and tell you with some confidence whether there are persistent threats installed on your machine.
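
An added example, not part of the answer above: a Python check that reads the `Authentication-Results` header your own mail provider stamps on a received message, to tell a forged "from myself" mail from one that really came through your mailbox. The sample message, the `example.*` domains and the authserv-id `mx.example.org` are constructed placeholders; look up your provider's own authserv-id in the headers of a message you know is genuine.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a mail that claims to be from the recipient's own address.
# The second Authentication-Results header was added by the sender, not by the
# receiving server, and must not be trusted.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=example.org
Authentication-Results: forged.example.net; dmarc=pass header.from=example.org
From: "Me" <me@example.org>
To: me@example.org
Subject: Urgent

body
"""

def domain_of(value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def check_sender(raw, trusted_authserv):
    """Summarise SPF/DKIM/DMARC results stamped by the trusted receiving server."""
    msg = message_from_string(raw)
    auth = {}
    for hdr in msg.get_all("Authentication-Results", []):
        authserv, _, rest = hdr.partition(";")
        # Anyone can insert this header; accept only your provider's authserv-id.
        if authserv.strip().lower() != trusted_authserv:
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest):
            auth.setdefault(method, result.lower())
    verdict = {"pass": "authenticated", "fail": "spoofed"}.get(
        auth.get("dmarc"), "unverified")
    return {
        "from_domain": domain_of(msg["From"]),
        "envelope_domain": domain_of(msg["Return-Path"]),
        "auth": auth,
        "verdict": verdict,
    }

if __name__ == "__main__":
    print(check_sender(SPOOFED, "mx.example.org"))
```

A "spoofed" verdict means the visible From address was forged by a third party; "unverified" means the trusted server recorded no DMARC result, so the header alone settles nothing.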

  • Level 5

Yeah, it is the modern pest.

When your data shows up in a breach, the hackers load it into their control servers, and have all the usual suspects among the accounts checked for exploits before you have finished reading this.

The only defense is good password management, combined with 2FA wherever available.

