"Is Evernote security completely safe from plain text?

[Amirfarhan 0]

 

When we put our content in Evernote as a Task, does Evernote's crawler ensure the security of our content and how does it index it in Google as a unique content? Is this entire process completely safe if business content is uploaded to it? Please guide me in detail.

[gazumped 11,689]

Hi.  If you need detailed reassurance,  you're best contacting Evernote via Support.  We're mainly other users here,  so all we can offer is opinions,  not facts.

AFAIK Evernote has not -yet- been successfully "hacked".  Ever. The company appears to take security very seriously: see https://evernote.com/security and https://evernote.com/privacy/policy.

Support is here - https://help.evernote.com/hc/requests/new

[thefryhole 50]

Some data held by Evernote was compromised in 2013. It appears user content was not breached but hackers did access user details. A small summary is here and a Google search returns many results. The service was also part of a phishing scheme in 2022 that primarily affected healthcare companies that still used Evernote.

The language regarding data breach notifications is different between the consumer subscription agreement and the Teams agreement, so be sure you read everything to understand what Evernote has (and has not) committed to doing if a breach occurs. Assumptions don't hold up if something happens.

[VincentC 271]

Evernote is not HIPPA compliant, as far as I know.  HIPPA is a set of requirements in the US to protect privacy of medical information.  Depending on your application, that could be relevant.  Also, your account could always be hacked by a smart, bad actor using social engineering techniques.  One poster here a while ago reported losing bitcoin resources - this poster thought someone managed to get into his account to the note where he stored his access keys.

So, while my impression is that Evernote's security is pretty good, it IS a cloud service and you should be smart about how you use it.  I, myself, generally don't put documents in Evernote that contain my social security number - that's an ID number in the states that, if a bad actor gets, it makes it a lot easier to steal your identity.

Vinnie

[Dave-in-Decatur 3,970]

 

+1 @VincentC. Using Evernote to store unencrypted identity information or links to financial stuff, esp. if you use a non-unique password and single-factor authentication for Evernote, is like leaving your keys in the ignition and the car unlocked.

 

 

 

 

[PinkElephant 8,157]

From reports about individual breaches (bad, reused passwords) we know what is usually searched after an account is cracked: Crypo currency data, either wallets or seed keys.

It should be a no brainer that this type of information should not be stored in ANY cloud service.

The same with passwords, these belong into a dedicated password manager (or into that little book in your drawer).

What was not searched (if we read those reports) was any other kind of information: Bank slips, tax declarations, income statements etc. They are of no use for the hackers.

How to protect accounts ? Good, unique passwords plus 2FA enabled. And a healthy 2nd look at anything urging me to go to a website I don’t open myself, asking to enter my data there.