Account hacked, Searched, Note Left Titled “ethereum key”

[WhatKatDid 2]

Hi Guys,

My Evernote Account has been hacked.
After upgrading to premium, my account has had 20 new devices added to it from a range of international locations over the past 3 months. I was notified of the activity this morning, and shocked to find a string of activity that clearly was not mine. 

I have had a few documents that were sensitive in Evernote, my rental applications which have photocopies of my id and heath care card. (98% of my Evernote was used for study, recipes, artwork and scanning receipts)
 

There were 2 other physical traces that the hacker left behind. 
 

1.) Search history contained 2 previous searches for “seed” and “mew”. 
I assume mew refers to “my e-wallet”.

2.) They  made a note. Titled “ethereum key”. And containing a long address of numbers and letters, and a private key, also containing many letters and numbers. 

It appears that there is no ransom note, however I assume the ethereum key was intended for me to make a ransom payment into an account. 
My fiancé says that possibly a bot was looking  only for seed/e wallet/ crypto accounts information and that my identity is safe. Unsure. 

I have now: revoked access to the devices, added 2 factor Authentication, changed my password, removed data with personal information, 

Evernote: I am annoyed that this took place after reactivating my premium account.

Im annoyed that only now, after months of mysterious use, that I have only just been notified. 

What can i do to be refunded/reimbursed for the service that I PAID FOR, not letting me know when the first suspicious activity occurred on the account, and the compromised personal data?

[gazumped 11,656]

19 hours ago, WhatKatDid said:

What can i do to be refunded/reimbursed for the service that I PAID FOR, not letting me know when the first suspicious activity occurred on the account, and the compromised personal data?

Hi.  You're commenting on a (mainly) user-supported forum,  so we don't basically know.  Please complete a support request and take this up with Evernote.  Since any access will have been obtained with your valid user details,  you have taken the action necessary to secure against repetitions.  If your user details were used for access to any other sites,  it may not have been an Evernote issue which caused this situation.

[PinkElephant 8,088]

There is a ton of security measures in place for all accounts, and more available.

Non of it will help if the user does not apply them. Or uses weak credentials. Or uses passwords that are easy to crack. Or reuse the same or slightly modified passwords between services. Or whatever …

It is the equivalent of leaving the garage empty, the front door unlocked, and the rear door open before leaving for a vacation.

So better be annoyed about yourself.

About the traces: It is a pattern that there were searches made for cryptocurrency. It seems a significant part of users use EN as a comfortable place to store such keys. Significant enough to make these breaches pay for the effort, and some.

So important to remember again: DON‘T use EN to store confidential information. If you do so, store it in an encrypted document (using another tool), and store it fully encrypted as an attachment.

All the rest is chicken feed. Except you are a special target for political and related reasons, Hackers want nothing but money. And they want it fast and without leaving a trace, which is why cryptomoney is so popular in that sleazy community.

[WhatKatDid 2]

Hey Gazumped, 

I have since put in both requests with both customer service and the legal team. 

I wanted to share my experience on the  support forum as I had not found an experience the same as mine, similar, but not the same. I wanted to make sure the variations were recorded. 
 

Thanks kindly for your help on the matter. I will update the thread as more unfolds. 

[WhatKatDid 2]

Hey Pink Elephant,

As a long term Evernote user (as of 2015) many of these security measures were not Availiable at the time. Why not roll out these features as compulsory, as Xero accounting software does rather than optional? It seems as though this is an ongoing issue, yet to be truly solved by Evernote.

In relation to why you suggest I should be annoyed with myself: 

1. Evernote should have notified me during the original breach, so I can secure my account and information. 
-You want me to say- yes, it is my fault I was not notified earlier.  

2. It was due to the account being re-upgraded to premium that these hacks went unnoticed by me. 
- You want me to say - Yes, It’s my fault for upgrading to the paid version thus allowing invisible breaches. 

 

 

 

 

[PinkElephant 8,088]

About the availability of security measures:

1. Good, unique, strong passwords: Available since a very long time. Depends on the user to handle them properly. Use a password manager to facilitate the generation and use of the passwords.
2. 2FA: Available since quite a long time - not sure when introduced. Many users decide not to use it, for not knowing or for the loss of comfort.

EN is a service with 200 million users, multiple devices, often accessed via VPN services. I use a VPN myself when entering through a public WiFi. Now the problem is: The legitimate use of a VPN service creates a similar pattern as the illegitimate use of it. If only a fraction of users employ their VPN services to access, the punctual hacking attacks are a few among many legit logons.

Modern Hackers typically don't do a "brute force" attack (trying to force the account by repetitive login attempts). Instead they use credentials stolen elsewhere and simply try them on a number of services. You can check if your credentials circulate in the dark net here:

https://haveibeenpwned.com

To wrap it up:

If your account was hacked, you provided (involuntarily) the credentials yourself, by weak security practice. Typical fail is a reused password plus no 2FA.

EN can not detect every illegitimate access, since it follows the same pattern as legitimate access through VPN use. If they do, they notify the user (as they did in your case).

And finally, the device limit can be a sort of security measure. But it is not needed if proper account security is maintained.

[gazumped 11,656]

17 minutes ago, WhatKatDid said:

It seems as though this is an ongoing issue, yet to be truly solved by Evernote.

I don't think this is specifically an Evernote issue...  https://www.securitymagazine.com/articles/96667-the-top-data-breaches-of-2021 - especially if someone attempts access to an Evernote account using user name and password data sourced from elsewhere.  I know I've accessed my account from several countries and various devices over the years.  How can Evernote check each time whether I am actually me?  (Without annoying me to the extent that I'll use different note-taking software!)

Extreme caution is a condition of saving any information online.  Some of my data is in a Legacy local (offline) notebook,  and several items (including my Secret Plans for World Domination) are solely on paper and in a drawer next to my laptop. 

Mark Twain's old saying about two people keeping a secret - but only if one of them is dead - is even more true for the internet.  If anything is online - assume it may not be a secret!!

[WhatKatDid 2]

Man, you both must have so many friends.
I’m waiting on reply from Evernote employees, so in the meantime i’m going to enjoy my full and exciting life, so I won’t have time to reply to either of you! Hope you can do the same! 

[PinkElephant 8,088]

If you have so much time, good for you.

If I were you I would use it to secure my other accounts. Usually the same weaknesses like reused credentials or missing 2FA will tamper with security on other accounts as well.

Oh, I forgot: Others must take care of your account security.