Unauthorized Access to my Evernote Account (Account has been hacked)

[Shane D. 1,818]

Do you believe your Evernote Account has been hacked, or there has been unauthorized access?

[Shane D. 1,818]

Hi All,

If you see a device authorized on your account or access from somewhere that you don't recognize, someone may have learned the password to your account and accessed it. The Evernote service is secure and we want to make sure you take the necessary action to secure your account.

There are a few ways someone other than you could have learned the password to your account:

1. If you use the same password on Evernote that you use on another site, it may have been taken from a site not associated with Evernote. You may want to check a security breach site (like https://haveibeenpwned.com/) for details on security breaches from other companies that included your email so you can review and take action. 
    
2. If your password was taken from your computer or another computer you used to log in to your Evernote account. If you aren't using malware detection software, we recommend you download [Malwarebytes](https://www.malwarebytes.com/) to check and clean your computer.
    
3. If you received an email that appeared to be from Evernote but linked to a website (not www.evernote.com) that prompted you for your password. You may have been the victim of a phishing attack. Please forward us a copy of the email or link to security@evernote.com so that we can investigate it.

Unfortunately, we don't have the resources to tell you whether someone accessed your content or which specific notes they accessed. We've discovered in the past that some unauthorized individuals have searched accounts for passwords and cryptocurrency keys. If you have any in your account, someone may have copied them.

To make sure your account is secure, please do the following:

1. Change your password immediately. (Choose a unique password that you don't use on another website.)
2. Review the authorized applications and access history for your account. Revoke access to any applications that you are suspicious of or that have accessed your account from an IP address you don't know.
3. Set up two-step verification on your account as an additional layer of security.
4. Encrypt sensitive text inside your note. When you encrypt text in a note, a separate password will be required to view the text, even if someone, including you, has access to your account. 
5. If you stored any sensitive data in your account like passwords, credit card numbers, or cryptocurrency keys, you should consider changing them to stop or prevent misuse.

Please let us know if you found this information helpful by upvoting this thread, or by leaving a reaction.