edada, posted May 14, 2023

Dear all, I need urgent help from someone. Today I got an email from Evernote saying that another IP accessed my Evernote account. I checked my account immediately and found that there are 2 IPs which accessed my notes.

en-w32-old 2023/5/14 103.163.238.202 (Abbottabad, Khyber Pakhtunkhwa, Pakistan)
en-w32-old 2023/5/14 103.82.15.41 (Jakarta, Jakarta, Indonesia)

Those 2 IPs were not me. I checked the devices which could access my account, and there are no unknown devices. Can you please tell me how those 2 IPs could access my IP? I have very important notes in my Evernote account. I have now deleted all my notes, but those 2 IPs could already have copied all my notes.

What is en-w32-old? How could they access my notes? So all my notes could already have been read/copied by them? What shall I do now? Please help me!
gazumped (Level 5*), posted May 15, 2023

Hi. This forum is mainly supported by other users like me. Your email should have included some suggestions to improve your security, like those here: What to do if you suspect unauthorized access to your Evernote account.

If you still have concerns you should contact support. Subscribers can raise queries here - https://help.evernote.com/hc/requests/new and all users here - https://twitter.com/evernotehelps (or via the feedback option where it is available).
PinkElephant (Level 5), posted May 15, 2023

En-w32-old is probably the old legacy Windows client, which is 32-bit software. But maybe then it is not, and the access type was cloaked, as were the IPs. It is common practice to use a VPN to hide one's own IP from the logs.

What you need to do is to change your password and enable 2FA immediately.

EN is not built to store highly sensitive information. For this use there are other apps. As an alternative you could create an encrypted container (like an encrypted ZIP or TAR file), and store it in a note. In particular, passwords or crypto wallets must never be stored in EN.
edada (author), posted May 15, 2023

32 minutes ago, PinkElephant said:

> En-w32-old is probably the old legacy Windows client, which is 32-bit software. But maybe then it is not, and the access type was cloaked, as were the IPs. It is common practice to use a VPN to hide one's own IP from the logs. What you need to do is to change your password and enable 2FA immediately. EN is not built to store highly sensitive information. For this use there are other apps. As an alternative you could create an encrypted container (like an encrypted ZIP or TAR file), and store it in a note. In particular, passwords or crypto wallets must never be stored in EN.

Hi PinkElephant,

Thanks so much for your help! I knew that I should not save important credentials in EN, but it happened. Do you think that my PC or some devices already had a virus or something like that? I already changed all my passwords which were noted in EN, but could not cover everything.

I'd like to know if my PC is safe because I have important data on my PC. Can you suggest a good anti-virus app? How can I check if my PC or browser already got a virus? I already scanned my PC with TotalAV.

Thanks a lot!
PinkElephant (Level 5), posted May 15, 2023

The approach to the EN account happens at the server. Nobody can reach your PC from there. The only possible (but highly unlikely) threat vector would be to nest malware into a note. If and when you actively open the attachment, an infection could start. So don't choose "Open" on any attachment that looks weird, like an EXE, BAT, ZIP or TAR file.

About important data: Always make sure you have an independent, protected backup, either locally on separate storage or in a cloud location. Then you don't need to worry, because even in the worst of all cases, you could wipe the whole PC and restore from the backup.
edada (author), posted May 15, 2023

Hi PinkElephant,

Actually I am always very careful about opening any attachments in email. Just one time, I remember, I clicked on a phishing page to connect my wallet and I noticed too late. I trusted EN too much, so I saved too much personal data like credentials and bank info in EN.

And I wonder why there are no unknown devices which tried to log in to my EN account, but they directly accessed my notes in EN. So even though I had already set up Google Authenticator, it could not work. It is horrible. Does it mean that my email could also be accessed without login? That I could not understand.

And I remember that when I got the alert email from EN (unknown access to my notes), I was not working on my PC and my PC was off. But I am also logged in to my EN account on my phone. Could it be that the virus is on my phone?

Thanks!
PinkElephant (Level 5), posted May 15, 2023

I doubt any of the clients was compromised. In these cases the access goes to the server, and happens independently of any client being active.

You can check for compromised user credentials here - this website collects data that appears from breaches in the dark net: https://haveibeenpwned.com/
edada (author), posted May 15, 2023

Thanks so much for your help! But anyway, all my data in EN could already be disclosed, right? That is what I am worried about.
PinkElephant (Level 5), posted May 15, 2023

If notes were not edited, you can't see what was accessed. Maybe you can take a look at the most recent searches. They may show what was looked for.