Jump to content

(Archived) Hackers still around?


Recommended Posts

I have received 4 emails to reset my password so far, and I've already done so during the initial announcement.

 

Problem #1:  If this email is legit, why do you need to keep sending the email?  Once is enough, and I can probably say it is not necessary at all -- just force the user to change their passwords when they login with the old one.

 

Problem #2:  In the email, there is a link which includes my email address.  It looks legit, but didn't Evernote said don't click password-reset links?  

 

Anyway, attached is the screenshot.

 

post-94238-0-54673200-1363457537_thumb.p

 

Is this legit?

Link to comment

I have received 4 emails to reset my password so far, and I've already done so during the initial announcement.

 

Problem #1:  If this email is legit, why do you need to keep sending the email?  Once is enough, and I can probably say it is not necessary at all -- just force the user to change their passwords when they login with the old one.

 

Problem #2:  In the email, there is a link which includes my email address.  It looks legit, but didn't Evernote said don't click password-reset links?  

 

Anyway, attached is the screenshot.

 

attachicon.gifEmail Evernote.png

 

Is this legit?

 

 

Definitely a case of "damned if you do & damned if you don't" b/c I'm sure if they only sent one email, at least one user would be peeved & wonder why they didn't send out followup reminders.  Bottom line, if you changed your password, you're good.  Additionally, as Chris said, are they all for the same account?  (I have a few EN accounts & don't recall if the dups were followups or for different accounts.)

 

WRT #2:  http://discussion.evernote.com/topic/35615-phishing-attach-underway-for-evernote-accounts/

Link to comment
  • Level 5

I can confirm, I have two accounts with two different email addresses and received two and only two reset emails. None since the weekend the hack was announced.

Link to comment
  • Evernote Staff

Yes that's ours. The link is included to make it easier to reset passwords. We generate a link so that each person receives a custom reset link for their accounts. If you've already reset yours feel free to ignore this.

There are a few scenarios where duplicates are showing up--we're doing what we can to limit these, but an occasional duplicate--thems the breaks of emailing 50 million people.

Link to comment

Archived

This topic is now archived and is closed to further replies.

Guest
This topic is now closed to further replies.
×
×
  • Create New...