(Archived) How did the security breach affect deactivated accounts?

[nbb 1]

Hi:

 

I'm curious if deactivated accounts were also affected by the recent security breach that caused the system wide password reset.

 

I do not use Evernote, but I signed up about two years ago while evaluating online note tools to see how it worked.  I was mildly annoyed when I couldn't actually delete my account, and could only deactivate it.

 

Now that I've had to reset the password on an account I don't even use and can't delete, I'm seriously annoyed.  

 

Thanks for any info.

 

NBB

[GrumpyMonkey 4,320]

Hi:

 

I'm curious if deactivated accounts were also affected by the recent security breach that caused the system wide password reset.

 

I do not use Evernote, but I signed up about two years ago while evaluating online note tools to see how it worked.  I was mildly annoyed when I couldn't actually delete my account, and could only deactivate it.

 

Now that I've had to reset the password on an account I don't even use and can't delete, I'm seriously annoyed.  

 

Thanks for any info.

 

NBB

Hi. Welcome to the forums. Please contact customer support (see link in my signature below).

[BurgersNFries 2,407]

Hi:

 

I'm curious if deactivated accounts were also affected by the recent security breach that caused the system wide password reset.

 

I do not use Evernote, but I signed up about two years ago while evaluating online note tools to see how it worked.  I was mildly annoyed when I couldn't actually delete my account, and could only deactivate it.

 

Now that I've had to reset the password on an account I don't even use and can't delete, I'm seriously annoyed.  

 

Thanks for any info.

 

NBB

I don't know why you're "seriously annoyed". If you don't use the account, I would have not bothered to change the password.

[ItsOnlyMe 0]

I completely disagree and would like an answer to this.  I've never used my evernote account but that means hackers may still have my email and password. The two together can give access to other accounts. Please don't give me the thing about a secure password, it is secure, but having a different secure password for every online service is unmanageable.

 

The fact that there is no way to delete my account information from Evernote is seriously worrying.  It is also in breach of several data protection acts, although presumably not the one which is applicable to Evernote's jurisdiction.

 

I am simply surprised that a renowned and high quality service such as Evernote has no real account deletion possibilities. Very dissapointing.

[gazumped 11,713]

There are lots of guides to password use,  but -as you already know- the basics are:

• Always use strong passwords.
• Use different passwords for all user accounts.
• Change passwords immediately if they may have been compromised.

(source: Microsoft)

 

Like the OP,  I used to rely on a single 'secure' main password (easy to remember) with a couple of variations where I used public access and thought the content might be at risk.  Then LifeHacker got hacked and the advice was "change this password and everywhere else it appears" so I used LastPass's secure vault,  protected by a phrase that registers "3 undecillion years" for a desktop PC to crack it - which I'm assuming is quite a long time.  Now all my accesses have individual protection and LastPass is rather helpful in generating new random passwords and autologging into my various sites,  plus in changing passwords individually or en bloc.

 

Just sayin'

[BurgersNFries 2,407]

I completely disagree and would like an answer to this.  I've never used my evernote account but that means hackers may still have my email and password. The two together can give access to other accounts. Please don't give me the thing about a secure password, it is secure, but having a different secure password for every online service is unmanageable.

That's why one should use a password manager. I use Roboform & have different complex passwords for my various accounts because, as Gaz said & you already know, it's bad form to use the same passwords for multiple accounts. I almost never have to type in my password on my computers or iPhone or iPad.

[Sugeeth Krish 476]

I completely disagree and would like an answer to this.  I've never used my evernote account but that means hackers may still have my email and password. The two together can give access to other accounts. Please don't give me the thing about a secure password, it is secure, but having a different secure password for every online service is unmanageable.

 

The fact that there is no way to delete my account information from Evernote is seriously worrying.  It is also in breach of several data protection acts, although presumably not the one which is applicable to Evernote's jurisdiction.

 

I am simply surprised that a renowned and high quality service such as Evernote has no real account deletion possibilities. Very dissapointing.

 

Having the same password, however complex is asking for trouble. One account in any service gets hacked, and then you could be in serious trouble, for all else.

 

I had no idea that you could not delete your EN account until now ( not that i want to ), but if this is the case, this worries me, because i remember reading somewhere of EN's 3 laws of data protection, which also said that our data belonged to us, and we could leave, whenever we want to.

[GrumpyMonkey 4,320]

I completely disagree and would like an answer to this.  I've never used my evernote account but that means hackers may still have my email and password. The two together can give access to other accounts. Please don't give me the thing about a secure password, it is secure, but having a different secure password for every online service is unmanageable.

 

The fact that there is no way to delete my account information from Evernote is seriously worrying.  It is also in breach of several data protection acts, although presumably not the one which is applicable to Evernote's jurisdiction.

 

I am simply surprised that a renowned and high quality service such as Evernote has no real account deletion possibilities. Very dissapointing.

 

Having the same password, however complex is asking for trouble. One account in any service gets hacked, and then you could be in serious trouble, for all else.

 

I had no idea that you could not delete your EN account until now ( not that i want to ), but if this is the case, this worries me, because i remember reading somewhere of EN's 3 laws of data protection, which also said that our data belonged to us, and we could leave, whenever we want to.

Hi. No need to worry.

(1) Delete you notes, empty the trash, and sync. This will get rid of everything inside of your account.

(2) Go to evernote.com > sign in > settings > "deactivate account"

The problem the OP had was with the password reset, if I recall correctly, and if they cannot access the account, they just need to contact customer service. Again, no need to worry

[GrumpyMonkey 4,320]

I completely disagree and would like an answer to this.  I've never used my evernote account but that means hackers may still have my email and password. The two together can give access to other accounts. Please don't give me the thing about a secure password, it is secure, but having a different secure password for every online service is unmanageable.

 

The fact that there is no way to delete my account information from Evernote is seriously worrying.  It is also in breach of several data protection acts, although presumably not the one which is applicable to Evernote's jurisdiction.

 

I am simply surprised that a renowned and high quality service such as Evernote has no real account deletion possibilities. Very dissapointing.

 

Having the same password, however complex is asking for trouble. One account in any service gets hacked, and then you could be in serious trouble, for all else.

 

I had no idea that you could not delete your EN account until now ( not that i want to ), but if this is the case, this worries me, because i remember reading somewhere of EN's 3 laws of data protection, which also said that our data belonged to us, and we could leave, whenever we want to.

Hi. No need to worry.

(1) Delete you notes, empty the trash, and sync. This will get rid of everything inside of your account.

(2) Go to evernote.com > sign in > settings > "deactivate account"

The problem the OP had was with the password reset, if I recall correctly, and if they cannot access the account, they just need to contact customer service. Again, no need to worry

[nbb 1]

I reactivated my Evernote account in order to reset my password.  I guess I'll just set the password to nonsense and deactivate again.  I removed all my notes, etc, when I deactivate it before, as suggested above.

I definitely appreciate the concept of deactivation over deletion, but any site should provide the ability to erase yourself from their service.  It just feels weird to leave this account around that I don't use, deactivated or not.

 

Thanks for the feedback, everyone.

 

NBB

[BurgersNFries 2,407]

The problem the OP had was with the password reset, if I recall correctly, and if they cannot access the account, they just need to contact customer service. Again, no need to worry

 

Actually, I think OP's issue was he/she was annoyed at having to reset a password for an account they don't use.  I don't see a problem here & would have not bothered to reset the password, myself. 

[BurgersNFries 2,407]

I reactivated my Evernote account in order to reset my password.  I guess I'll just set the password to nonsense and deactivate again.  I removed all my notes, etc, when I deactivate it before, as suggested above.

I definitely appreciate the concept of deactivation over deletion, but any site should provide the ability to erase yourself from their service.  It just feels weird to leave this account around that I don't use, deactivated or not.

 

Thanks for the feedback, everyone.

 

NBB

IMO, if you don't use the account & have removed all notes & emptied the trash, I don't know why you'd bother changing the password. Or, if you think there's a slight chance you may want to reactivate the account, change the password to something you'll have access to (like in a password manager.) I'm not sure what you mean about changing the password to 'nonsense.' Anyway, your account, your choice & am glad you seem to have resolved the issue to your satisfaction.

[ItsOnlyMe 0]

I think these answers whilst helpful don't address the fact that Evernote have data of mine I don't want them to have and there is apparently no way to remove this data. I would not expect this from such a well known site as Evernote.

[BurgersNFries 2,407]

I think these answers whilst helpful don't address the fact that Evernote have data of mine I don't want them to have and there is apparently no way to remove this data. I would not expect this from such a well known site as Evernote.

 

The only data they would have is your email address, which they do not sell or share.  Unless you are careless & use the same password for other accounts (which you've already acknowledged & as pointed out is bad form) or did not clear out your data by deleting the notes, emptying the trash & sync'ing.  As has been pointed out by GM above, you can contact customer support if the fact that they have your email address concerns you. Sounds like if this is such a concern for you that you should use a throwaway email address for testing things out. They are free & abundant.

[Sugeeth Krish 476]

I reactivated my Evernote account in order to reset my password.  I guess I'll just set the password to nonsense and deactivate again.  I removed all my notes, etc, when I deactivate it before, as suggested above.

I definitely appreciate the concept of deactivation over deletion, but any site should provide the ability to erase yourself from their service.  It just feels weird to leave this account around that I don't use, deactivated or not.

 

Thanks for the feedback, everyone.

 

NBB

 

I think this person has a point here. If he has deleted all his notes, then it means that he is not happy for whatever reason, and is not even comfortabel with leaving his email id on Evernote's servers. I know many other services who don't delete accounts, but still he has every reason to be concerned. I think EN should consider deleting accounts permanently to make users more comfortable with their service.

[gazumped 11,713]

I reactivated my Evernote account in order to reset my password.  I guess I'll just set the password to nonsense and deactivate again.  I removed all my notes, etc, when I deactivate it before, as suggested above.

I definitely appreciate the concept of deactivation over deletion, but any site should provide the ability to erase yourself from their service.  It just feels weird to leave this account around that I don't use, deactivated or not.

 

Thanks for the feedback, everyone.

 

NBB

 

I think this person has a point here. If he has deleted all his notes, then it means that he is not happy for whatever reason, and is not even comfortabel with leaving his email id on Evernote's servers. I know many other services who don't delete accounts, but still he has every reason to be concerned. I think EN should consider deleting accounts permanently to make users more comfortable with their service.

 

...and then you get into the whole "Evernote deleted my account when I didn't want it to" - and how long do you keep data before you decide it's no longer required..

 

There's a discussion going on somewhere else about how some Evernote users dip into the product and then come back again some time later when they properly perceive the need - having to re-enter some deleted notes might be a problem then..

 

Not arguing from any point of principle here,  just pointing out that every decision has its consequences and some people may prefer the opposite.  There's a quote somewhere about not pleasing all of the people all of the time.

 

And it's never as 'easy' as you think to implement a change in a widely-used package.

[GrumpyMonkey 4,320]

I reactivated my Evernote account in order to reset my password.  I guess I'll just set the password to nonsense and deactivate again.  I removed all my notes, etc, when I deactivate it before, as suggested above.

I definitely appreciate the concept of deactivation over deletion, but any site should provide the ability to erase yourself from their service.  It just feels weird to leave this account around that I don't use, deactivated or not.

 

Thanks for the feedback, everyone.

 

NBB

 

I think this person has a point here. If he has deleted all his notes, then it means that he is not happy for whatever reason, and is not even comfortabel with leaving his email id on Evernote's servers. I know many other services who don't delete accounts, but still he has every reason to be concerned. I think EN should consider deleting accounts permanently to make users more comfortable with their service.

 

This is a tempest in a teapot.

 

(1) Delete your data if you don't want Evernote to have it. It is easily done.

(2) Change your email to a fake one before you close your account if you don't want Evernote to have it. It is easily done.

(3) Deactivate your account if you don't want to use the service. It is easily done.

 

Not only are you in complete control of your data, but when Evernote finishes with the hardware used to store your data, they completely destroy the equipment so there is no way that anyone will gain unauthorized access to it (http://blog.evernote.com/tech/2012/09/25/protecting-your-data-the-broken-drives-edition/).  In other words, it is protected from start to finish, and the only way your data will be left anywhere within Evernote's servers is if you put it there. If you take responsibility for your data (following the three steps above), there is simply nothing to worry about, in my opinion.

[nbb 1]

This is all great info.  I don't have anything against Evernote, it was just actually too much functionality for what I need, so I went with SimpleNote which has almost no features besides the ability to save some text with a label on it.  Maybe I'll be back some day.