
My Evernote Got Hacked -- $60K in cryptocurrency stolen


nmoccia79

Idea

Posted

DO NOT LEAVE YOUR CRYPTO WALLET KEYS ON EVERNOTE. 

In case you did not understand me, DO NOT LEAVE YOUR CRYPTO WALLETS KEYS ON EVERNOTE or anywhere that they can be accessed electronically.

I made this mistake.  A hacker with an IP address associated with a location in Germany logged into my Evernote Account through the Web.  Apparently, they obtained my login info through a data breach.  On 12/22/21, the hacker stole the keys to my crypto wallets and transferred $60K in crypto out of my accounts.

The IP addresses used to access my accounts are as follows:

185.220.101.31

185.165.171.175

Anyone else get hacked in this way, please contact me.

New login to Evernote 12.22.21 (Germany).pdf

  • Sad 2

6 replies to this idea


  • 1
  • Level 5
Posted

It is always a bad idea to leave any valuable information in a relatively open cloud service like EN. It is worse if you then don’t use all possible measures to protect it, like enabling 2FA and encrypting the information itself by using the EN encryption tool. And the bottom is falling out of account security if you reuse your password for several services.

In general the keys to a crypto wallet should NEVER be stored in any service or device that is online. Use a "cold" wallet that is kept offline, and use the good old paper to store the access data.

You can check any IP address for illegitimate traffic here:

https://www.abuseipdb.com/

The first one is a TOR exit node located in UK (not Germany).

The second one is located in Romania (not Germany again). Both IPs are known exit nodes of the TOR network, used among others by hackers to obscure their true location and to cloak their traffic. It is heavily reported in network abuse - since it is a TOR exit, it is not that server itself that hosts the illegal activities. 

The main use of TOR is to provide a secure way for people in critical countries to visit the web, and to communicate. That it is used by hackers as well can’t be stopped - the traffic through TOR is heavily protected, from the providers of the TOR infrastructure as well.

Unless you have the resources of a very large and potent organisation at your service (and probably not even then) it is impossible to backtrack any traffic through the TOR network.
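The check described in the reply above, matching the IPs in an account's access history against known Tor exit nodes, as an added example that is not part of the original thread. The exit list uses the ExitNode/ExitAddress layout of the Tor Project's published exit list, but the fingerprints, timestamps, the access-log layout and the 48-hour window are constructed assumptions.

```python
import ipaddress
from datetime import datetime

# Constructed sample in the Tor exit-list layout; fingerprints are placeholders.
EXIT_LIST = """\
ExitNode 0000000000000000000000000000000000000001
Published 2021-12-21 08:14:02
LastStatus 2021-12-22 09:00:00
ExitAddress 185.220.101.31 2021-12-22 09:12:40
ExitNode 0000000000000000000000000000000000000002
Published 2021-12-20 17:45:10
LastStatus 2021-12-22 08:00:00
ExitAddress 185.165.171.175 2021-12-22 08:31:05
"""

# Constructed access-history lines (hypothetical "timestamp ip client" layout).
ACCESS_LOG = """\
2021-12-20T18:02:11 203.0.113.24 desktop
2021-12-22T10:41:37 185.220.101.31 web
2021-12-22T10:58:03 185.165.171.175 web
2021-12-22T19:15:49 203.0.113.24 mobile
"""

def parse_exit_list(text):
    """Map each exit IP to the last time it was observed as an exit."""
    exits = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0] == "ExitAddress":
            ip = ipaddress.ip_address(parts[1])
            seen = datetime.strptime(parts[2] + " " + parts[3], "%Y-%m-%d %H:%M:%S")
            exits[ip] = max(seen, exits.get(ip, seen))
    return exits

def flag_tor_logins(log_text, exits, max_age_hours=48):
    """Return (timestamp, ip, client) for logins from recently listed exits."""
    hits = []
    for line in log_text.splitlines():
        try:
            ts, ip, client = line.split()
            when, addr = datetime.fromisoformat(ts), ipaddress.ip_address(ip)
        except ValueError:
            continue  # skip malformed lines rather than abort the review
        seen = exits.get(addr)
        if seen and abs((when - seen).total_seconds()) <= max_age_hours * 3600:
            hits.append((ts, ip, client))
    return hits

if __name__ == "__main__":
    for hit in flag_tor_logins(ACCESS_LOG, parse_exit_list(EXIT_LIST)):
        print("Tor exit login:", *hit)
```

The time window matters because exit relays come and go; an IP that was an exit months earlier says little about a login today.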

  • 0
  • Level 5*
Posted
2 hours ago, nmoccia79 said:

logged into my Evernote Account through the Web.  Apparently, they obtained my login info through a data breach. 

I suspect this wasn't a data breach at Evernote    
You were using same password at a less secure site   
Best practice is to use unique passwords for each site

>>DO NOT LEAVE YOUR CRYPTO WALLET KEYS ON EVERNOTE

I have no problem storing sensitive data on Evernote.  I'd make sure it was encrypted

 

  • 0
Posted
3 hours ago, nmoccia79 said:

DO NOT LEAVE YOUR CRYPTO WALLET KEYS ON EVERNOTE. 

In case you did not understand me, DO NOT LEAVE YOUR CRYPTO WALLETS KEYS ON EVERNOTE or anywhere that they can be accessed electronically.

I made this mistake.  A hacker with an IP address associated with a location in Germany logged into my Evernote Account through the Web.  Apparently, they obtained my login info through a data breach.  On 12/22/21, the hacker stole the keys to my crypto wallets and transferred $60K in crypto out of my accounts.

The IP addresses used to access my accounts are as follows:

185.220.101.31

185.165.171.175

Anyone else get hacked in this way, please contact me.

New login to Evernote 12.22.21 (Germany).pdf

Didn't you enable two-factor authentication?

  • 0
Posted
23 hours ago, DTLow said:

 

I have no problem storing sensitive data on Evernote.  I'd make sure it was encrypted

 

I would agree that EN (with 2FA) is secure enough for sensitive data such as a personal diary, musings, ideas, etc. I absolutely would not store passwords, financial info, etc. on EN. EN is known to be very buggy, and buggy software is insecure, even if it does authentication properly.

EN says its servers are "encrypted" but I suspect that just means stored on an encrypted disk array which is the default for most cloud providers; I suspect it doesn't mean that your EN data is encrypted with a key that only you possess.

Finally, the EN feature that lets you encrypt all or some of the body of a note is vulnerable. You have to put the cleartext into the note before encrypting it. You have to decrypt the cleartext in order to view or modify it, then re-encrypt it. If sync happens during the periods when your note content is unencrypted, you've effectively shared the cleartext with EN support; the cleartext may even be readable in your note history. Only if you religiously disable sync before putting any cleartext you intend to encrypt into EN, then encrypt, then re-enable sync, only then can you be certain what you've encrypted really is secure.

  • 0
  • Level 5*
Posted
37 minutes ago, John in Michigan USA said:

Finally, the EN feature that lets you encrypt all or some of the body of a note ...

Evernote has an encryption feature, but it's only applicable for text   
I use encryption externally from Evernote for file attachments; pdfs, office/iWork documents, ...

  • Like 1
  • 0
  • Level 5
Posted

For everybody who wants to get a better understanding of EN security here is a paper about it. It contains further links, for example to Google describing how the encryption of content in its data centers works:

https://evernote.com/intl/en/security

It is quite obvious that EN generates the key - there are server side services like search indexing or OCR that require access to the user content. EN says it is only done by bots, not by humans. But the bots need the key.

But that these services exist (absolutely no secret here, EN is marketing some of them as value added parts of the subscription plans) tells it is not a good idea to store any sensitive data in EN. Who does it does it at his own peril.

The solution is simple: Create the content and use an encryption tool of your own choice. Then store the encrypted file into EN. It may be not as convenient, but it creates an additional layer of security around what no man should know. If in doubt you can repeat the encryption using other tools and keys. As an example use a steganographic tool to create the file, and then a classical encryption to wrap it up again.

Or forget about storing sensitive information at all in digital form! Talking about crypto, keep a cold wallet, and the keys on good old paper.

  • Thanks 1
