poida 2 Posted August 2, 2021 Share Posted August 2, 2021 Hey all, hope everyone is staying safe. What prompted me to reach out to community was that I received a notification that someone had accessed my Evernote account their iPhone in Brazil. I immediately changed my Evernote password and Revoked all devices - would a copy be stored on the intruder's phone? And why is it that I can't create a ticket or email Evernote support? Any help on how to protect all bases would be much appreciated! I've also looked into my notes and it looks like I don't have anything sensitive that I think the intruders could use. Thank you! Link to comment
Level 5* gazumped 12,070 Posted August 2, 2021 Level 5* Share Posted August 2, 2021 Hi. Who notified you that your account had been accessed? If it was Evernote, they should have sent you a link to their help pages on this - What to do if you suspect unauthorized access to your Evernote account Link to comment
poida 2 Posted August 3, 2021 Author Share Posted August 3, 2021 Thanks gazumped! I didn't click anything in the email (just in case it was going to redirect me to anything else or phishing) It does look like that page is linked, I can confirm it via the access history within the Security Settings > Access History So bummed on this right now Does it actually download a local copy of the Evernote's contents onto an iPhone? Thanks again Link to comment
Level 5* gazumped 12,070 Posted August 3, 2021 Level 5* Share Posted August 3, 2021 1 hour ago, poida said: Does it actually download a local copy of the Evernote's contents onto an iPhone? No. Most likely someone using credentials posted online was checking to see which ones worked and which didn't. If you follow the advice in that link your data should be safe. Link to comment
Level 5 PinkElephant 8,819 Posted August 3, 2021 Level 5 Share Posted August 3, 2021 ... and even if it did show as an iPhone, it most likely was no phone, but a remote computer running a script on a huge file from the darknet, trying the credentials. It is not rocket science to mimic another device, and to digitally change the location. Because this is usually not an attack on a single type of account (like EN), you should improve all of your accounts safety: Change passwords, use good ones, use a unique one for every service, put them into a password manager. Enable 2FA wherever possible. Start with your email accounts, then everything with money (banking, shopping) and personal information, including social media. 1 Link to comment
poida 2 Posted August 4, 2021 Author Share Posted August 4, 2021 Thank you @gazumped and @PinkElephant! Puts my mind at ease, noted on securing my accounts. I've been lazily updating my passwords with unique ones using a password manger - will make it a priority now. Thanks again! 2 Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now