Evernote Crypto Hacks and related activity

[GC2023 4]

Hi all,

I recently posted 

I wanted to follow up and see what sort of additional activity people noticed with details they may have had in Evernote after the initial issue.

I have been digging around with my Crypto transactions and I am try to get a feel from others as to their insights.

Did you notice any other activity on accounts to might have had in Evernote or simply see activity in your Crypto wallets?

I was wondering if people thing these are typically bots accessing accounts and performing searches online and then collecting wallet information as opposed to humans doing it manually.

There seemed to be quite some time between entry to my account and removal of funds (12hrs) but this could be for a number of reasons.

If it was a bot I would expect instant removal? Perhaps a human was reviewing all the information and running a script..

I had a bunch of wallets in Evernote but none of the others got hacked in the same way although I did not leave things lying around long.

Three days later a bot or person came along to clean up remainder of my crypto - even very small amounts not really worth keeping or not likely to increase in value.

I left them there out of interest.

Likely a human?

I had some passwords for other things in Evernote but did not see any activity on those accounts - they were properly protected with 2FA however.

Wondering if this is truly just Crypto focused activity or have others seen otherwise?

Edited September 18, 2023 by GC2023
Title

[Boot17 1,467]

These are very interesting questions, but I think you're going to be reaching a small target audience that has had this same experience as you with these parameters:

• Use Evernote to store crypo account info (not a great idea IMO -- better to use something with zero knowledge proof encryption on the backend)
• Don't have 2FA enabled on said Evernote account
• Individual/personal account got hacked (most likely from using a shared password on a less secure system that was compromised)
• Know how to use these forums to see new posts

In the last few years that I've frequented these forums I've only seen a handful of people post about their Evernote account being hacked at all and it seems like in all cases they didn't use 2FA and they used shared passwords (recipe for disaster).

To your questions though, I'd guess that a bot does the initial attempt to login and perhaps some primitive searching for crypto (or other account) information. Then a human does a manual review of reported findings.

[PinkElephant 8,174]

EN is no place for crypto wallets. As no cloud service is a place for crypto wallets.

Use it for this purpose, and you carry the risk.

Weak, reused passwords enhance the exposure, as does the absence of 2FA. But it is known from social engineering / spearfishing campaigns that even most 2FA protections can be circumvented, if the user falls into the trap.

So again: Keeping crypto wallets in any cloud storage is a no-no-no .

[GC2023 4]

You are probably correct @Boot17

Still interesting to hear if any do pop up.

Thanks for the replies.