Help for a hacked account

[KASthrive 2]

My husband's SBC Global email account was hacked on Monday. He lost access to it and we've been trying to secure things since. While trying to secure his Evernote account, an email went to the hacked email address he no longer has access to. The hacker then got into his Evernote and has changed it so he can't log in. Is there any way to at the very least delete this account? We're really concerned. 

[gazumped 11,686]

Hi.  Sorry to hear this.  Without a lot more detail we can't be much help - and this is a mainly user-supported forum so we have no ability to deal with password or account issues.  Please contact Evernote Support - https://help.evernote.com/hc/requests/new?guest=true - and give them full details.

There's some help here,  but it's probably no longer applicable in this case - https://help.evernote.com/hc/en-us/articles/115004395487-What-to-do-if-you-suspect-unauthorized-access-to-your-Evernote-account

[PinkElephant 8,150]

First thing is to get that mail account back. That account is probably a nugget pit for that hacker, enabling him to reset passwords on a ton of accounts, and harvest the contents.

In parallel try the provided support link to EN support.

[KASthrive 2]

2 hours ago, PinkElephant said:

First thing is to get that mail account back. That account is probably a nugget pit for that hacker, enabling him to reset passwords on a ton of accounts, and harvest the contents.

In parallel try the provided support link to EN support.

Agreed. And that's exactly what's been happening. We're trying, but it's a really old email address through SBC Global/AT&T, and they're providing little to no support. Truly a nightmare.

5 hours ago, gazumped said:

Hi.  Sorry to hear this.  Without a lot more detail we can't be much help - and this is a mainly user-supported forum so we have no ability to deal with password or account issues.  Please contact Evernote Support - https://help.evernote.com/hc/requests/new?guest=true - and give them full details.

There's some help here,  but it's probably no longer applicable in this case - https://help.evernote.com/hc/en-us/articles/115004395487-What-to-do-if-you-suspect-unauthorized-access-to-your-Evernote-account

Thank you. We'll try the form as guest since he can no longer log in.

[PinkElephant 8,150]

Support is not really fast at the moment. Once you have got a ticket number, you can send us a direct message with that number. We can try to flag it to speed things up.

[kkarney 101]

Not to belabor an already belabored point, but this is totally unacceptable. This is not a situation where entering a support ticket and vainly hoping it will be answered is a viable option. The OP needs help NOW, and there is none. This is no way to run a business.

[s2sailor 2,217]

And your response is helping how??

[mackid1993 732]

How is it Evernote's fault that OP didn't enable 2FA on their email or Evernote account?

[kkarney 101]

My point is that having no support whatsoever is unacceptable, regardless of the circumstances. It may not be helpful to point this out, but frankly I'm sick of this *****.

I'm not sure why it's acceptable to so many of you. It is not the way decent companies do business.  

[s2sailor 2,217]

It is not acceptable to any of us and belaboring the point here to fellow users, who are well aware of the situation, isn’t accomplishing anything.  Vent away to feedback@evernote.com.  Let’s move on here.

[kkarney 101]

18 minutes ago, s2sailor said:

It is not acceptable to any of us and belaboring the point here to fellow users, who are well aware of the situation, isn’t accomplishing anything.  Vent away to feedback@evernote.com.  Let’s move on here.

But if I vent here, I'll actually get responses. feedback@evernote.com offers absolutely nothing other than a black hole. Does Bending Spoons care? No. Do you care? No, but at least you acknowledge my existence.

I also suspect that the OP here is not a forum regular, so I don't think I'm out of line for exposing the inconvenient truth yet again.

I am fully aware that "moving on" is the healthy and appropriate response, but I really am angry, and this is my only outlet (I have pointed out previously that destroying my laptop is not an option, as I need it, and my company owns it anyway).

So, apologies to those offended by the negativity, but you should probably move on from my posts if they offend you...

[PinkElephant 8,150]

You are contributing zero to this thread, you only make it hard to read and follow. Leave this thread and the OP alone, they have enough to handle.

Nobody needs a thread hijacker here. If you want to rant about EN support open your own thread about it.

[mackid1993 732]

41 minutes ago, kkarney said:

But if I vent here, I'll actually get responses. feedback@evernote.com offers absolutely nothing other than a black hole. Does Bending Spoons care? No. Do you care? No, but at least you acknowledge my existence.

I also suspect that the OP here is not a forum regular, so I don't think I'm out of line for exposing the inconvenient truth yet again.

I am fully aware that "moving on" is the healthy and appropriate response, but I really am angry, and this is my only outlet (I have pointed out previously that destroying my laptop is not an option, as I need it, and my company owns it anyway).

So, apologies to those offended by the negativity, but you should probably move on from my posts if they offend you...

Quiet down, you aren't helping OP in any way.

[mackid1993 732]

@KASthrive as someone with an IT background and Cybersecurity degree I suggest you ensure this email is not in use anywhere else. If it is change the email to something else an email account with 2 factor authentication enabled an a unique strong password, use a real email provider, Google, Outlook, Apple, Fastmail, Proton Mail etc.  Use a password manager such as 1Password or Bitwarden. Set up multifactor authentication on that too. You can use an app on your phone such as Microsoft Authenticator or Authy for this.

Ensure you target the accounts of all financial institutions first, changing the email and resetting the password, while storing that unique password in a password manager, preferably use your password manager to create these passwords for you.

Once any banks are taken care of move on to any accounts that have payment credentials associated with them. Finally change all emails on social media accounts. While you are doing this you should also be enabling 2 Factor Authentication on every single one of your accounts and saving it either in an app like Microsoft Authenticator or Authy or saving them in your password manager directly while using Microsoft Authenticator or Authy to secure the password manager itself. Using a dedicated Authenticator app is more secure, using the password manager for this is less secure but more convenient. 

It is important you implement these changes as soon as possible.

[KASthrive 2]

On 4/12/2024 at 3:37 PM, mackid1993 said:

@KASthrive as someone with an IT background and Cybersecurity degree I suggest you ensure this email is not in use anywhere else. If it is change the email to something else an email account with 2 factor authentication enabled an a unique strong password, use a real email provider, Google, Outlook, Apple, Fastmail, Proton Mail etc.  Use a password manager such as 1Password or Bitwarden. Set up multifactor authentication on that too. You can use an app on your phone such as Microsoft Authenticator or Authy for this.

Ensure you target the accounts of all financial institutions first, changing the email and resetting the password, while storing that unique password in a password manager, preferably use your password manager to create these passwords for you.

Once any banks are taken care of move on to any accounts that have payment credentials associated with them. Finally change all emails on social media accounts. While you are doing this you should also be enabling 2 Factor Authentication on every single one of your accounts and saving it either in an app like Microsoft Authenticator or Authy or saving them in your password manager directly while using Microsoft Authenticator or Authy to secure the password manager itself. Using a dedicated Authenticator app is more secure, using the password manager for this is less secure but more convenient. 

It is important you implement these changes as soon as possible.

Thanks. We're working through all of that now and have our financials secured. 

My husband tried putting in a help ticket with Evernote using his new email address not associated with Evernote. He explained the entire situation but he never heard anything back. It's disappointing.

He realizes now how important 2 Factor Auth is and is setting it up on our important accounts. However, we're both very disappointed that, as a 10-year premium subscriber, he never got help from Evernote. We're pretty sure his account is lost.

[agsteele 2,952]

We're all very disappointed at the slow response times from Evernote support. It is a sad fact that your husband may need to wait 2-4 weeks for a response beyond the standard automated reply.