So the hackers got a hold of a hash string stored on an Evernote server somewhere, and associated with me. This hash string has now been replaced with another hash string generated when I reset my password. My original password was pretty strong, and so is the new one. What I have not heard from either Evernote or anyone here is "...and Evernote has plugged the hole that allowed them to get the hashed passwords in the first place". If that hole isn't plugged, my data is as secure now as it was when I got the email.