zwadash 0 Posted February 12, 2023 Share Posted February 12, 2023 Got a password reset request yesterday. A friend of mine also said he got one. Older accounts. Not used for a while. Either just "bruteforce" from some email list, or they have a list. Just mentioning in case others are getting reset requests. For mod: You should check activity last few days on password resets... (u can delete this post if it has no value) Link to comment
Level 5* gazumped 11,699 Posted February 13, 2023 Level 5* Share Posted February 13, 2023 On 2/12/2023 at 1:43 PM, zwadash said: Got a password reset request yesterday. A friend of mine also said he got one. Older accounts. Not used for a while Those happen - usually because someone else messed up their email addres. I'll flag your post for an Admin to look at, but if Evernote see any suspicious activity, they're usually the ones teling you that something happened... Also (touching wood) there has never -yet- been a leak from Evernote. There are frequent leaks from other sites following which the bad guys presumably try to get resets from commonly-used providers to see what they can shake loose. See below for more... https://sec.hpi.de/ilc/?lang=en or https://haveibeenpwned.com/ or https://cybernews.com/personal-data-leak-check/ and https://help.evernote.com/hc/en-us/articles/115004395487-What-to-do-if-you-suspect-unauthorized-access-to-your-Evernote-account Link to comment
Level 5 PinkElephant 8,174 Posted February 13, 2023 Level 5 Share Posted February 13, 2023 Sending a password reset request for hacking usually makes no sense, because the rightful owner of the mail account will receive it. This means a) any password he sets will not be known to the bad guys, and b) the user gets alerted if he didn't request the reset himself. BUT: If they manage to compromise the email account itself, they can send reset requests, execute the reset and can now take control of the account. And usually the email account will allow resets on a large number of accounts, in the end taking over a whole digital personality. Conclusion: Instead of worrying about the EN account, you should really check if everything's is safe & sound with your email account. 1 Link to comment
Evernote Expert agsteele 2,954 Posted February 13, 2023 Evernote Expert Share Posted February 13, 2023 I got a request for an account that doesn't exist. One of several Email addresses that I use for purchasing online which I otherwise treat as a collecting pot for spam. So my best guess is that someone either guessed at one of my Email addresses or they grabbed it from one of the many spammers lists and tried to see what would happen. Nothing, because I don't have an Evernote account with that Email address. 1 Link to comment
Level 5 PinkElephant 8,174 Posted February 13, 2023 Level 5 Share Posted February 13, 2023 Apple users (well, you need some sort of subscription, a 50GB iCloud plan for 0.99$/€ per month will do) can use the "Hide-my-EMail" function. It will create a new email-address for every new account. It is random, always on iCloud.com, and will forward the mails to the account you have defined for the service - not necessarily with iCloud itself. Answers will again be wrapped up and send under the one-account-mail-alias. If now this mail address shows up elsewhere, you not only know it was in fact stolen or given away without consent - you can pinpoint from which account this happened, and then raise a little hell. 1 Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now