Jump to content

Security issues?


Recommended Posts

I’ve seen a few folks mention security breeches in their accounts and kinda chalked that up to their mistakes, until today. 

First, I have a computer generated unique password for Evernote only. I have two step verification through google Authenticator enabled. I also have revoked all access to any app or device I am not using now so I know exactly who accesses my account and when. 

I am in the UK and checked today and low and behold there was a log in from both Texas and New York into my account on the 16th of August! Naturally that’s not me. What makes this even more concerning is that the log in carries the device name of my iPad - ie the system, it appears has allowed access to my account thinking they were using my iPad which is naturally incorrect. 

I have contacted support but wanted to see if anyone here has had something like this occur? I’m urgently going through my Evernote deleting any note with anything near confidential info on it, which sadly I have and may need to report this too as a GDPR breach due to uk laws which could lead to trouble for me. 

Really disheartened and sadly going to have to discontinue my use of Evernote as I cannot have this kinda thing :(  

Link to comment
  • Level 5*

Hi.  I think you may be overly concerned.  If you have 2-factor auth and your devices have not recently visited the US,  there's no reason to suspect that someone has accessed your account.  My suggestion would be to change your password to be safe,  but otherwise to wait and see what Support actually say.  You could also check the IP addresses shown for the recent accesses.  I also noticed similar activity on my UK-based account from Italy and India - but the IP address shown for both accesses happened to be the one I am currently using.  The location data for some addresses is 'unclear' - especially where a company has servers in more than one country.

GDPR,  by the way is a European regulation that no longer applies to the UK unless you are regularly trading in that market or have representation there.

  • Like 1
Link to comment
  • Level 5

Hmmmm - from the time stamp of the access, can you be sure it was not yourself ?

The location is usually generated by the IPv4 address. Since they are in short supply, they sometimes get exchanged. If a block was registered for one place, and an IP from that block is used elsewhere, it may show a wrong geolocation.

The surest way to exclude it may have been myself is an access at a time when I was not using EN.

Edit: Seems I won silver this time 🤣

  • Like 3
Link to comment
1 hour ago, gazumped said:

but the IP address shown for both accesses happened to be the one I am currently using

This is the issue, the IP addresses in question are not matching. Generally I can tell by the ip kinda where I am and the networks kinda group. All my ips I can tell if it’s work WiFi, if it’s home etc these two are complete anomalies. They bear no relation to any other. 

Link to comment
  • Level 5*
5 minutes ago, WilliamL said:

Apparently both of these IPs that accessed my account are linked to Akamai technologies in America. Not sure who they are or what that means but I’m not finding anything that’s reassuring. 

OK - It's pointless to speculate;  If these are genuine unauthorised accesses,  then Evernote will need to investigate.  I'm not clear how there can be a way to attempt to log into an account if you don't have the correct password and the 2-factor code.  I just don't know (and I don't think anyone outside of Evernote can know) what actions generate these reports,  and how serious the notification is.  Please let us know what Support say eventually!  (I'm imagining they may take a little while to look into this).

Link to comment
33 minutes ago, gazumped said:

OK - It's pointless to speculate;  If these are genuine unauthorised accesses,  then Evernote will need to investigate.  I'm not clear how there can be a way to attempt to log into an account if you don't have the correct password and the 2-factor code.  I just don't know (and I don't think anyone outside of Evernote can know) what actions generate these reports,  and how serious the notification is.  Please let us know what Support say eventually!  (I'm imagining they may take a little while to look into this).

Thanks, will do. I’ve gutted out my EN, removing anything work related or that identifies other people. Hopefully that reduces further risk. I’m totally perplexed by it as I’ve followed all the advice and I alone have the Authenticator access. I’ll see what support says but I’m not so sure there is value for money for me if I can’t confidently store stuff and forward in work emails etc. 

  • Like 1
Link to comment
  • Level 5

Akamai is a network provider who speeds up network access. Basically they do distributed caching, so content does not need to be pulled from the originating data center. Then web security, and services to developers. They are huge, and trustworthy. 

https://www.akamai.com

On my access list I regularly have some IPs that don't match my own. Not as far away as the US, but still not nearby or known to me. But access times match times when I have used EN. Typically when I was on another network, that does not have a local IPv4, or using my VPN provider. So I am not worried.

As a hypothesis (but support is for sure a good option when security is concerned): They may have rerouted EN traffic over their access structure, for completely regular reasons within their field of business.

Link to comment

I just checked my access list as well and get the same IPs pointing to New York and Texas US (Akamai...). Definitely never left germany the last months. All on august 16th as well. I am going to contact support chat.  If not a security breach then there is really something wrong with their access list... Could other forum members check as well? Thank you.

Link to comment
  • Level 5*

So I looked - and yes,  I also have an Akamai server in Texas on my list...  However...

Quote

 

Other websites that were impacted included Microsoft, Evernote, Go Daddy, Vanguard and a number of other tech or financial-centric domains, according to Down Detctor.

Akamai Technologies, a global content delivery network that provides backbone internet services, said in a statement that 'a software configuration update triggered a bug in the DNS system, the system that directs browsers to websites.' 

'This caused a disruption impacting availability of some customer websites,' the company said.

 

https://www.dailymail.co.uk/news/article-9815325/Major-outage-hits-major-websites-911-services-multiple-East-Coast-cities.html

Seems it may not be a security problem after all....

Link to comment

Thank you @gazumped! That could explain false listings in access list but the news is from july 22?

Support agent did not know and transfered my question to technical support. Let's see. Maybe changing password and resetting 2FA could be a good measure anyway.

 

  • Like 1
Link to comment
  • Level 5

Howdy, my name is Pinky, and I‘m from Texas 🤠 - no, I‘m Phanty(astic) from The Big 🍎 …

Yes, there are accesses listed, all IPs belong to Akami technologies (link see above), keep cool.

To compare:

172.232.7.93 

and others from the same block

23.43.58.118

and others from the same block.

So everybody who wants to panic 🙀, this way to the lifeboats, women and children first, please keep the 🎹 playing while we sink  🐟 .

Personally I don’t care at all. The access IPs in my access list is only very rarely my home IP. 

Either way EN has a serious security issue bypassing sterling level passwords plus 2FA, or it is the ISPs playing DNS Bingo.

Went to the barber, asked him for Ockhams razor, and zaaaap, the ISPs won.

  • Confused 1
Link to comment
1 hour ago, Alxa said:

I just checked my access list as well and get the same IPs pointing to New York and Texas US (Akamai...). Definitely never left germany the last months. All on august 16th as well. I am going to contact support chat.  If not a security breach then there is really something wrong with their access list... Could other forum members check as well? Thank you.

Hmmm, was both the 16th for me too, nothing before, nothing since. Some here might be content to make light of this concern, that’s fine, but I can’t fathom how I US ip could be in my access history with me using it. Hopefully support will get back in touch, their first reply was to tell me to do all the things I had already said I’d done. 

Link to comment
  • Level 5

If it was the DNS resolver, read a little about what they do: It is basically the address translator of the internet, converting the address you or an app calls (like Evernote.com) into the computer address 123.156.189.231 (let us not talk about IPv6, this is another story). If this resolver does not work properly, everything can happen.

In fact I had another access from the US in July, and today from Romania. WTF - I provoked the later one, by using my VPN provider. I thought I was in Australia (in fact I was, virtually, you can note it by looking what advertisements you get when browsing), but obviously the IP was translocated from Romania (where it was registered) to Australia. Probably the same mechanism brought the „US“IPs into your access list.

But everybody is entitled to its own demons, so if you decide to worry, do so.

Link to comment
  • Level 5*

To paraphrase a fantastic author (and there's a pun in there somewhere...)  Sir Terry Pratchett once (almost) said "A rumour can run round the world before the facts have got their boots on.” - No one here knows what's happening - none of us have access to Evernote's server logs. All we have so far are rumours and speculation.

There is no point in wondering about the issue (apart from inspiring a good panic attack).  If you have unknown accesses in your history,  raise it with Support by email if you can,  Twitter if not. 

When you get some concrete information,  please come back here and tell everyone else.  Meantime change your password, use 2FA and relax if you can...

https://help.evernote.com/hc/requests/new

https://twitter.com/evernotehelps

 

Link to comment

I had same issue. On 16th August Akmai IP showed access on all of my 3 devices.

That was problematic for me as I have 2FA and Google login enabled and if I am entering password I will add it with 1Password, so basically I will never write something, taking that in consideration I wasn't so worried, but I didnt like to see that there is some Texas and New York login :)

But, what is problem for me is very bad support from EN where I talked with person on chat who actually told me that they don't have resources to monitor who logged in or what could be done. Also, all responses were generic I am sorry for your situation blah, blah, without any useful info what to do, btw, I googled and showed them IP of Akmai but their response was only "I am sorry for situation" with winner answer to remove Google login as entering email and password manually is better for 2FA. For me that is problem, as it potentially shows that if there is real hacking actually we are on our own. Not good feeling.

Link to comment
  • Level 5

I really don't know why everybody is so eager to go to support in case a security issue may be at hand. The 1st level support has no access to the accounts (which is a GOOD decision), that is why they need to ask for every information when you send them a ticket. Before you explained it and got the first answer, a real breach could do real damage.

If you don't know yet that resetting your password plus dropping unknown devices revokes every access at point blank: Simply go to the EN help database, and you find THIS in 10sec. Apply it, done.

https://help.evernote.com/hc/en-us/articles/115004395487

About the current issue: It was well explained that there was a severe problem at Akamai, mixing up the whole internet on the 16th. Nobody here produced any proof of a hack, other than weird IP-addresses in the login file. Device names are correct, login times match when we used the accounts ourselves. Why is it so hard to accept that "the internet was broken" for an hour or so on that day, completely out of each for EN ?

OK, I go to sleep, and I will sleep tight. Everybody else here please continue to panic - will make good reading tomorrow over the breakfast 😇

Link to comment
7 hours ago, PinkElephant said:

I really don't know why everybody is so eager to go to support in case a security issue may be at hand. The 1st level support has no access to the accounts (which is a GOOD decision), that is why they need to ask for every information when you send them a ticket. Before you explained it and got the first answer, a real breach could do real damage.

If you don't know yet that resetting your password plus dropping unknown devices revokes every access at point blank: Simply go to the EN help database, and you find THIS in 10sec. Apply it, done.

https://help.evernote.com/hc/en-us/articles/115004395487

About the current issue: It was well explained that there was a severe problem at Akamai, mixing up the whole internet on the 16th. Nobody here produced any proof of a hack, other than weird IP-addresses in the login file. Device names are correct, login times match when we used the accounts ourselves. Why is it so hard to accept that "the internet was broken" for an hour or so on that day, completely out of each for EN ?

OK, I go to sleep, and I will sleep tight. Everybody else here please continue to panic - will make good reading tomorrow over the breakfast 😇

Sorry @PinkElephant but i dont agree :) I have some files ( business ) that i wouldnt like to be hacked. I dont know what you have but for me my data is valuable to me and security is number one thing for having  confidence in app/product.

Thats why you take service from known companies instead others. Also, i expect when I contact support as customer who is paying to get support and security in answers, not guesses, not situation where i need to google and ask. I expect proactivity from support.

 

Also, why i wanted support is that for example from link that you sent i have all steps done. Yes i have 2FA, i dont have no not authorized devices or services i review acces history regulary and i use password only with 1Password or Gmail login. 

Hell, you gave better answer to problem that we/I had than support, and that is not ok.

Support is backbone of confidence in app.

 

 

Link to comment
14 hours ago, Alxa said:

Thank you @gazumped! That could explain false listings in access list but the news is from july 22?

 

 

I want to requote. The akamai outage was around july 22th. Our access lists point on mysterious access on august 16th. For me explanation is still to come (from Evernote).

Link to comment
  • Level 5

@Frki2 All true, and maybe EN needs to get the guys at support better trained on this. They hired a lot of new people, if I look at who answers to my tickets on 1st level. No excuse, except that probably they rarely run into security tickets, but had a lot of v10 traffic.

But support (mainly) works US west coast office hours. So OK to check back with them, but worst case it means waiting more than 12hrs (or a full weekend) to even reach them. If there was a breach, getting it confirmed „then“ is no good. Taking action only then is worse.

Here is some background about EN security measures:

Another look at the szenario:

The first level of access is knowing the userID. Everybody can check if the mail address used for EN does already show up in breaches of the past. Getting a new (virtual, complex like a password) e-mail for this login is no problem, change it yourself, today, now, done.

To check use these links

The second level is the password. Strong (long enough, PW rules, …), unique (not reused or modified from others), safely kept. My advise is to use a password manager.

The 3rd level is to set up 2FA. I use Authy to create my codes - can be installed on a number of devices, independent from the PW manager.

We have had NO case in the forum where somebody did follow at least rule 2 and 3, and the account was hacked. We had false alarms like this one in the past - perfectly OK to ring the bell, no doubt about that, but all eventually got sorted out.

The main remaining risk IMHO is that the servers get cracked through other means, like a zero-day or server malconfiguration. But then 1st me as a user would not even notice an access (because the front door still is locked), and 2nd there would be nothing I could do about it.

Life is not without risk …

  • Like 2
Link to comment
1 minute ago, PinkElephant said:

Send a support ticket yet ?

Yesterday late evening here in Germany (office times at EN) as I wrote chat gave it to technical support, waiting for answer.

  • Like 1
Link to comment

Thats three users all stating access to their accounts on the 16th, in each case they were from Texas and New York, yet we are being told here we are worrying about nothing because, if I’m following the argument, somehow each of us, by complete coincidence, each managed to have our IPs mislocated and each of us was accidentally seen as in New York and Texas.  I think that is a leap I cannot make.  It seems far more likely to me, with three users each noting the same thing and from different areas in the globe that there has been some sort of incident. 

As I said I will see what support says, so far I have had no further response and the one above are sure not encouraging.  Three people all getting their IPs mislocated to the same area in the US, all on the same date, I am off out to do the lottery.

Link to comment
  • Level 5

Well, I placed my geolocation via VPN in Australia yesterday (and it worked), but the IPs location listed in my EN access was Romania.

If it is a lottery, it is still running hot.

The much more likely explanation is that the locator just based on an IPv4 is not working well any longer, because IPs are in short supply and shoveled around the globe to where they are needed.

One of the „16th IPs“ showed by EN to be in NY was located by the IP locator I used in Texas, still in use by Akamai.

Wish you luck with support.

Link to comment
  • Level 5*
52 minutes ago, WilliamL said:

Three people all getting their IPs mislocated to the same area in the US, all on the same date

If there was an outage I'm surprised it's not more - but to repeat:  if you have a unique password that you have changed recently,  and use 2-factor auth,  no-one can access your Evernote account without your knowledge - it's quite possible a robot running through thousands of user names and passwords obtained elsewhere could try to gain access,  but it would not get past the log-in screen. 

Evernote do issue precautionary emails to individual users from time to time where their system notices an anomalous log-in attempt.  If they didn't flag these specifically,  they could well be down to the vagaries of the Internet and the occasional glitch in web addressing.

Check the sites @PinkElephant mentions above to see whether your email address has been posted online...

  • Like 1
Link to comment
1 hour ago, PinkElephant said:

Well, I placed my geolocation via VPN in Australia yesterday (and it worked), but the IPs location listed in my EN access was Romania.

If it is a lottery, it is still running hot.

The much more likely explanation is that the locator just based on an IPv4 is not working well any longer, because IPs are in short supply and shoveled around the globe to where they are needed.

One of the „16th IPs“ showed by EN to be in NY was located by the IP locator I used in Texas, still in use by Akamai.

Wish you luck with support.

@PinkElephant can you please try something, can you visit with VPN EN to get different address and than see which device was shown? Or if all yours devices were shown with this IP that you visited.

 

Tnx

  • Like 1
Link to comment
  • Level 5

Hi all, EN may be a perfect (OK, let us discuss this another day) note service, but they need a new globe (or a better IP-locator).

Tried 3 locations today, 1 yesterday. The IP-locator always showed the same location as I had chosen in the VPN service.

Evernote managed to get the continent (!) right in one case, all the others were placed completely wrong.

I put the results into a note, for everybody to check. I stopped after 3 attempts, don't want to get my access blocked by some security mechanism.

https://www.evernote.com/shard/s747/sh/ef1f2368-d5f7-c71c-d2c4-0e5041555010/4b786002a9ec2aba8d612146c7c1acfe

Conclusion: EN access history shows the access from an IP, and the IP shows correctly. But the location added to it is not reliable at all - although it usually shows myself at the right place with my home IP, and at least close (several hundred kms, which may be the server location of the ISP) when travelling here in Germany. But the VPN-Server spots are way off.

Edit: Tried the link, the picture embedded won't show in my browser. The rest is fine.

  • Like 1
  • Thanks 3
Link to comment

Tnx a lot on this @PinkElephant. Definitly their IP locator is not really accurate :)

For me additional questions were devices, as this Akmai IP showed as used devices my computer and my phone, with 2 different IPs in same Akmai network. That was wired for me.

Easy solution for security on EN side would be to give us option to allow access only for countries we choose, and IPs from these countries.

 

Link to comment
  • Level 5

Tried it on one device, which should do. The device names show correctly in my account, for all devices. This is a general hint, don't  keep the generic name of your device, change it to make it stand out.

Even if somebody would get access, he probably would have no chance to fake the device name in advance (!) as well. And if somebody could fake the server log at EN HQ, the breach would be major (more a loss of control ...).

The new access showed very fast, BTW. I established the VPN connection, then checked the IP, then opened the EN client and modified a note, forcing a sync directly after. The access log (which I had open on another device) showed the new location within seconds, no longer than a minute. This part of the setup works really good - except for the location.

Link to comment

Switching IP's this frequently (geo based) should trigger an event for the users. Alert them about strange login behavior and let user acknowledge the attempt, if 2FA is enabled asked new verification. This could be a start to get security beter...

Security within the Evernote apps/web isn't the best and needs a big improvement. There is a lot of user data collected from compromised Evernote accounts (several reasons why the accounts are breached). Evernote needs to improve and update the login policies and step into the year 2021, 2FA isn't enough it's just an extra layer and people think it's ok to store sensitive data in a note... but is isn't save enough, and they know but has no priority at this moment. 

Link to comment
  • Level 5

From all cases I have seen here, or that were reported elsewhere, there is a single reason why accounts are breached: Standard UserID plus reused or plain simple passwords, plus no 2FA enabled.

So one layer of security broken, another broken as well, or too weak, and the third possible layer not even implement.

But sure, always telling EN needs to do this, EN needs to do that. No, it is IMHO the users responsibility to use the measures available.

I pointed to a single issue: That the geolocation in access history is sometimes off. That is hardly a reason to question security in general.

But if you think it is not secure, draw the consequences: Take your stuff and move on. Because security in the end is a question of trust - and you obviously don’t trust EN. This can’t be healed, and I couldn’t care less.

Link to comment

@gazumped don't think that the sources are appreciated on this forum, sorry for the blunt statement btw... I whish it was different.

But I don't think I'm reviling something new, data is collected when accounts are breached... this is for all applications the case. 
My point was, maybe to aggressive/negative for some, that security for Evernote is not on current standards... And with millions of users this is an issue. And yes a lot of issues are self-inflicted and cause by users themselves, but Evernote can gear up the security...

Link to comment
  • Level 5

No breaches other than user inflicted, all measures in place that cloud services usually offer, distributed copies of all user data, fully encrypted servers, no known successful brute forcing, no known DDOS attacks, no ransom problem ...

Have I forgotten anything ?

I don’t think tracking users geolocation and sending alarming messages around would be of any positive meaning. A measure that produces many more false alerts than real ones just weans users (and support) down.

We better let EN further fix and feature the v10 clients, IMHO there is more to do on this end.

Link to comment

@PinkElephant

From all cases I have seen here, or that were reported elsewhere, there is a single reason why accounts are breached: Standard UserID plus reused or plain simple passwords, plus no 2FA enabled.
Solution that could be taken by Evernote: Enforce 2FA, strong password policy, Breach control

So one layer of security broken, another broken as well, or too weak, and the third possible layer not even implement.
But sure, always telling EN needs to do this, EN needs to do that. No, it is IMHO the users responsibility to use the measures available.
I'm not telling Evernote anything, just point out some facts. And yes user has responsibilities sure, but with Miljons of users the Evernote company should / could gear up and help users with the world wide security issues.

I pointed to a single issue: That the geolocation in access history is sometimes off. That is hardly a reason to question security in general.
And I concluded that is should raise red flags when a account is switching between different Geo's often. In 2021 is should be standard to at least alert the user about strange login behavior.

But if you think it is not secure, draw the consequences: Take your stuff and move on.
Frustrations? Why this negative reaction? If someone points out that Evernote has some issues or negative point why should he or she leave? Why can't someone write some critics about this product? 

Because security in the end is a question of trust - and you obviously don’t trust EN.
No login-security has nothing to do with trust, don't know why you think login-security is trust related. If you don't trust a company, don't sign up in the fist-place. 

This can’t be healed, and I couldn’t care less.
Trust can be restored, if someone takes the efforts. And you are wrong about the last statement.... you care, you care the most (i think) of all the forum users.

 

 

 

  • Like 1
Link to comment
  • Level 5

Just a few remarks (seems my red ink is out ...).

Even "strong" passwords can be reused - and no service aimed at normal users enforces 2FA. Many users don't want the hazzle, and some even have technical problem with it. Enforced 2FA is maybe (but only maybe, as many pentests prove) enforced in professions that handle security issues day by day.

About the problem of trip wires that produce a too high percentage of false alerts I have written above. Just one example: One person wants to watch the geo-blocked new hot Netflix stuff - the other is not aware the home network is currently on VPN, and opens EN. Call from EN: We blocked your account, somebody from < .... > tried to access it. I bet these calls would be much (!) more frequent than real attempts at hacking into an account. As long as one part of the industry resorts to geoblocking, another part of the same industry can't (reliably) use location as an indicator. If you have 90% false alerts, any feature is dead that relies on it.

About trust: If you don't trust EN to do "enough" for security, you doubt that they take security serious. And as you said, normally you avoid these services. At least I do (this is why I am with EN).

Link to comment

@PinkElephant

Just a few remarks (seems my red ink is out ...).
Solution: Use Pink instead

Even "strong" passwords can be reused - and no service aimed at normal users enforces 2FA. Many users don't want the hazzle, and some even have technical problem with it
Reuse of passwords is a real pain in the .. and not easily fixed for sure. A self-respecting service should urge their customers to use 2FA if they have it available as a extra layer. Login with username-password is out-dated to put it mildly.. and with the Evernote statement While we don’t require you to set a complex password, our password strength meter will encourage you to choose a strong one.  I'm serious doubt the security decisions made on user-level, not server side... I don't have all the specs of their infra and mitigation tools.

 Enforced 2FA is maybe (but only maybe, as many pentests prove) enforced in professions that handle security issues day by day.
Not true, more and more companies see the urge to enforce extra layers of security. Mostly after a (big) breach or hack... Evernote could be one of the few companies that implements stronger policies before a clusterfail...

About the problem of trip wires that produce a too high percentage of false alerts I have written above. Just one example: One person wants to watch the geo-blocked new hot Netflix stuff - the other is not aware the home network is currently on VPN, and opens EN. Call from EN: We blocked your account, somebody from < .... > tried to access it. I bet these calls would be much (!) more frequent than real attempts at hacking into an account. As long as one part of the industry resorts to geoblocking, another part of the same industry can't (reliably) use location as an indicator. If you have 90% false alerts, any feature is dead that relies on it.
Did not say that account needs to be blocked directly/permanently, alert can be sent to the mobile app or registered email with unlock option without any support from Evernote...as an example (not the best though, but simple one for free). If user knows Geo location / IP is different than normal behavior he/she can acknowledge and go on...

About trust: If you don't trust EN to do "enough" for security, you doubt that they take security serious. And as you said, normally you avoid these services. At least I do (this is why I am with EN).
Evernote has some stronger features in place, 2FA - strong psw policy, Geo/ip alerting etc... but customer must search for the options, why not enforce or urge or inform customers better. Let them know about the security risk.. customers store their whole life in Evernote, all passwords, taxes, bank account, creditcards and personal id's... Identity theft is a big issue, Evernote is a really big database and once breached..... Sure if one user is compromised the impact for all users is minimal, but why not helping in creating awareness? Evernote needs the restore trust, failed multiple times the last years with V10 and subscriptions. Hope Security isn't the next clusterfail... 

Link to comment
  • Level 5*

OK - enough with the off-topic trolling.  It's STILL the case that we don't know what happened here.  Since the sources of your allegations are not available I have to assume that they're fiction.  If anyone has any remaining concerns or doubts,  please take it up with Evernote - the next post will (I hope) be -directly or indirectly- an answer from Evernote.

 

Link to comment
On 8/19/2021 at 4:33 PM, PinkElephant said:

No breaches other than user inflicted, all measures in place that cloud services usually offer, distributed copies of all user data, fully encrypted servers, no known successful brute forcing, no known DDOS attacks, no ransom problem ...

That’s not fair nor true! I had done everything asked - unique password, two factor, google authenticator and still there is access to my account that shouldn’t be there and it wasn’t me either as that date was my daughters birthday and I wasn’t using it. But instead we get witty dismissals here which I’ve shown great restraint on as I’m not going to bite. 
 

To all - I’ve now had a reply from support, their security department is going to investigate and get back to me early next week. I’ll let folks know what comes back. 

  • Like 2
Link to comment
  • Level 5*
17 minutes ago, WilliamL said:

we get witty dismissals

No one is dismissing that you have one or more odd entries in the access listing,  or that they should not be there.  There are lots of possibilities,  but the actual reason for such entries,  as I've said at least twice now,  is unknown.  We're all users so far in this thread,  so all you have is guesses and opinions.

Unless there's a way around 2FA it is most unlikely that someone had actual access to your notes.  As Security is looking into this,  we'll know more about this and any other options in a few days. 

Meantime,  if you haven't already,  change your password to something unique and complicated,  or (because they're easier to remember) a short phrase with your own spelling like "Un1qu3 & Kompl1c4t3D".

Link to comment
3 hours ago, gazumped said:

Meantime,  if you haven't already,  change your password to something unique and complicated

I have, it’s an auto generated one via iOS. I’m quite confident between that and authenticator that shouldn’t be the issue. I’ll see what support says though I’m not optimistic. I’ve removed anything sensitive from Evernote which kinda makes it useless for me now. 

  • Like 2
Link to comment

Hi all, I got an official response today after sending an email saying 24hours and I cancel (not being dramatic - I had a timescale and after a week of silence i figured I give it one last go). 

I got the following back - 

These IPs are from a service used by Evernote to securely log in to your account. The access history listings were erroneously triggered by the login activity from your devices and should have been listed under your IP instead.

Apologies for the highlighted text, not for drama just can’t figured out why it’s there or how to remove it! This is reassuring as it confirms there has been no external access to my account and that it remains secure. I hope that reassures the others concerned by similar events. 

  • Thanks 6
Link to comment
  • Ex Employees

Thank you for your patience while we reviewed this report. We’ve determined that the issue reported is not a breach of our security protocols and no unauthorized access occurred.

These IPs are from a network service provider used by Evernote.  The access history listings were triggered by the login activity from your devices and should have been listed under your IP.  We should not have listed them as separate logins and we’ve made adjustments to avoid this moving forward.

 Please let me know if you have any other questions or concerns.

  • Like 1
  • Thanks 2
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...