JimJPublic 1 Posted September 21, 2023 Share Posted September 21, 2023 I've gotten about 3 notices in the last 3 months of "new logins" into Evernote. I keep changing the password the moment I receive them. Is anyone else getting these? This is what the email says: "We noticed a new login to Evernote and wanted to make sure it was you." This is the email that is sending. noreply@account.evernote.com Link to comment
Level 5* gazumped 11,699 Posted September 21, 2023 Level 5* Share Posted September 21, 2023 Hi. Do you check the IP address to see where the logins are coming from? I have the same sort of notice, and it's usually one of my devices that's the 'new' login. ID-ing a device by IP address is not an exact science, as VPNs, different locations and firewalls can sometimes show new details. If you have a secure password that's not used elsewhere, and 2FA enabled, you're secure. I'm happy that Evernote warn us about this stuff so we can check it's not some kind of attack... Here's the 'official' guide: What to do if you suspect unauthorized access to your Evernote account 2 Link to comment
JimJPublic 1 Posted September 22, 2023 Author Share Posted September 22, 2023 I got another one today. IP addresses say Russia and Israel. Link to comment
JimJPublic 1 Posted September 22, 2023 Author Share Posted September 22, 2023 Is there a way to speak with Evernote support about this? Seems fishy. Link to comment
Level 5* gazumped 11,699 Posted September 22, 2023 Level 5* Share Posted September 22, 2023 18 minutes ago, JimJPublic said: Is there a way to speak with Evernote support about this? If you're a subscriber you can raise a ticket, but chances are the IP address is just your own, mis-identified as coming from elsewhere. Try going to https://whatismyipaddress.com for a quick check. I think Evernote are just being super-cautious. If you have 2FA and a unique password, your account is safe. Link to comment
JimJPublic 1 Posted September 22, 2023 Author Share Posted September 22, 2023 Thanks I checked my IP address. IT finds the exact spot I'm located. And so has every other IP address search or warning for other applications. Only Evernote seems to be getting it either wrong or right depending how one looks at it. I just put the 2FA and changed password, but its still very odd. 1 Link to comment
Evernote Expert agsteele 2,953 Posted September 22, 2023 Evernote Expert Share Posted September 22, 2023 Another user asked a similar question and got an answer from @Federico Simionato. Does that assist? Link to comment
Level 5 Dave-in-Decatur 3,977 Posted September 23, 2023 Level 5 Share Posted September 23, 2023 On 9/22/2023 at 6:29 AM, JimJPublic said: I got another one today. IP addresses say Russia and Israel. This is a little more suspicious. Sometimes hackers steal a person's password from somewhere else, then try it in Evernote. If you use the same password on multiple services, this can be a problem. You might want to change your Evernote password just to be safe (and enable 2-factor authentication). Link to comment
VincentC 272 Posted September 23, 2023 Share Posted September 23, 2023 If I may make a general comment -- I used to use Lastpass as my password manager. I've now switched to a different password manager, but I was on Lastpass when they had their latest data breach. From my reading about that breach - and I may have this wrong since I'm in no way a technical expert -- the bad actors didn't get passwords, but they did get all of the sites that I had passwords for. Since then, I've seen a very noticeable increase in the number of suspicious messages and other activity I see on my accounts. I suspect what's happening is that bad actors have obtained the Lastpass info about my accounts. They can't get through my security door, but they know which door to knock on and are trying different kinds of knocks to see if the door opens. I'm wondering if something like this is a partial explanation for some of the events folks are reporting here. Vinnie Link to comment
Level 5 PinkElephant 8,174 Posted September 23, 2023 Level 5 Share Posted September 23, 2023 Anybody who wants to know if a user name or password is circulating in the dark net can check himself here: https://haveibeenpwned.com/ Link to comment
VincentC 272 Posted September 24, 2023 Share Posted September 24, 2023 Yes, and my email address is there in 15 different breaches, but not Lastpass. Nevertheless, I have gotten so much suspicious traffic starting right after the Lastpass breach, that I think I must be there too. But, sorry, I'm pulling this thread way off topic so we should return to our regular programming schedule. 😀 Vinnie 2 Link to comment
Level 5 PinkElephant 8,174 Posted September 24, 2023 Level 5 Share Posted September 24, 2023 The site gets / buys data from breaches. They have a limited budget - maybe the Lastpass-data is still so "hot" that they haven't b seen able do get it. This is another site that does a similar job: https://sec.hpi.de/ilc/ Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now