Jump to content

How much of a security issue is this?

Recommended Posts

Hi all, long term user here, but forum noob.  Thanks in advance for your help.  

So I woke up this morning with a notification of log in from Mexico, which I have never been to being a down under Australian user.  I checked the activity history and noted a lot of suspicious Evernote for Windows Sync Test Utilities.  There's probably 20 more beyond the images I have attached here.  Of someone, not me, accessing 'Evernote for Windows Sync Test Utilities'.   I changed my password immediately.

Could someone explain to me what 'Evernote for Windows Sync Test Utilities' means, and whether this indicates my data has been hacked?

Are there any further steps I should take?

Many thanks....

Screen Shot 2023-04-14 at 1.20.59 pm.png

Screen Shot 2023-04-14 at 1.20.51 pm.png

Link to comment
14 hours ago, bomberboybrad said:

Are there any further steps I should take?

I can't answer your other questions, but one thing I think you should do -- if you haven't already, is to set up two factor authentication (2FA) for your Evernote account.

Link to comment
  • Level 5

If you want somebody to look deeper I to this, you need to go through support.

Most likely somebody learned about the email address in an internet breach. Since it is used as your EN user name, they now try to crack the password.

Use a strong and unique password. With 2FA as already posted, you add yet another layer of security.

And be aware there may be attempts to use the mail address for phishing mails. As usual don’t click on any links embedded into emails - always go to your browser and enter the site yourself.

Link to comment
  • Level 5*
13 hours ago, bomberboybrad said:

explain to me what 'Evernote for Windows Sync Test Utilities' means

I think it means that a savvy black hat thought:  Evernote has said that it's going to revise its sync process,  so if I try accessing accounts using this name,  users will just write it off as Evernote doing testing...  although the VPN they're using has their IP address bouncing all over the place.  All those connections mean someone tried hard to get through - but it looks like they failed.  As others have said - take precautions,  just in case.

Link to comment
On 4/16/2023 at 8:24 PM, michal334 said:

@bomberboybrad I had the same happen to me just today. Were you able to find out more about this issue?

Basically everyone, including Evernote support are indicating that they cannot guarantee based upon the information that the details of the account and files kept within haven't been accessed by third parties.  Therefore whatever details you have had in the account may have been screenshot or recorded by someone.


The direct response I got from Evernote Support was as below

"Hello Brad,
Thank you for contacting Evernote Customer Support. My name is Khient, and I'm happy to help you.

I understand that you're seeing multiple unauthorized access on your account for different countries. I appreciate your effort in providing the screenshot of your access history. I'm sorry to hear about this and if this is causing any sort of inconvenience on your end. Rest assured that I'm happy to check on this for you.
Since you are seeing multiple login attempts from a device that you don't recognize , someone may have learned the password to your account and accessed it. The Evernote service is secure and we want to make sure you take the necessary action to secure your account. There are a few ways someone other than you could have learned the password to your account:
If you use the same password on Evernote that you use on another site, it may have been taken from a site not associated with Evernote. Please check a security breach site (like https://haveibeenpwned.com/) for details on security breaches from other companies that included your email so you can review and take action.
Once an individual has access to your account, it’s possible they could view or save the content. For example, it’s possible to use the export feature, take screenshots, or use a script to capture a copy of the account contents. In short, there is no data we can provide that could tell you with confidence that a specific note or notebook wasn't accessed.
We've discovered in the past that some unauthorized individuals have searched accounts for passwords and cryptocurrency keys. If you have any in your account, someone may have copied them.
As an additional steps in securing your account, please do the following:

  1. Review the authorized applications and access history for your account. Revoke access to any applications that you are suspicious of or that have accessed your account from an IP address you don't know.
  2. Set up two-step verification on your account as an additional layer of security.
  3. Encrypt sensitive text inside your note. When you encrypt text in a note, a separate password will be required to view the text, even if someone, including you, has access to your account.
  4. If you stored any sensitive data in your account like passwords, credit card numbers, or cryptocurrency keys, you should consider changing them to stop or prevent misuse.

I hope this helps. Thank you for your patience and understanding. Should there be a need for further assistance, I want you to know that our team will always be available to help you.


K****** A.
Customer Support"

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...