Jump to content

Rich Tener

Level 2
  • Content Count

    52
  • Joined

  • Last visited

  • Days Won

    2

Rich Tener last won the day on March 2 2019

Rich Tener had the most liked content!

Community Reputation

84 Great

About Rich Tener

Profile Information

  • Subscription
    BASIC

Recent Profile Visitors

6,899 profile views
  1. I would like to use AutoHotkey scripts to access banks etc. EV stores these scripts as attachments in an insecure folder (Evernotes/Databases/Attachments). Even if I delete the scripts from this folder they return when I next use them. How can I save attachments securely?

  2. Unfortunately, I did not get the email notifications about unauthorized access to my Evernote account. I discovered it by accident, and it had been going on from January 2019 (when an unauthorized device was added- also with no kind of notice back to me for confirmation) until I changed the password on April 12. I know we as users need to take responsibility for securing our accounts, but it seems Evernote has known about this situation for quite some time and whatever measures were put in place to help are not working. ~ Thanks.

    1. Attorney Mordekhova

      Attorney Mordekhova

      to whoever it may concern, am I the only one who is not able to resolve tech issues with Evernote? why pay for the software if it does not save the notes and does not back them up? no live person customer support, nobody cares? whats up with that? How do you guys survive in this market?? I keep losing my updated notes every DAY for the past week , nobody seems to know why or offer  a solution 

       

      I got a couple of lame responses from some tech support person named Joyce who basically told me that there is no problem with my account 

       

       

      REALLY? 

  3. @k8h - as we mentioned in the email: "We believe someone has learned your password from a website or service not associated with Evernote." They didn't learn your password from us. The most likely way they learned it was by stealing it from another site that you used the same password on. @ChrisB009- Your memory serves you correctly, but the email you just received wasn't because Evernote was breached. This was someone learning your password from another site and opportunistically logging into your account. They are automating that process and logging in multiple times as they come
  4. @sfatih, we don't have an automatic notification system to notify you when someone logs in from a new country or a new device. I understand that this is a common expectation and I'm working with our engineering teams to prioritize getting those capabilities built into our service.
  5. Hi @tedwlm. To protect your privacy, we never look at what an individual searches for in their account. Instead, we have a process to de-identify and aggregate common search terms across our broader population. When we did this, we saw the same terms being searched consistently across a number of accounts that matched up with the number of affected customers. The search terms included a number of different cryptocurrency terms such as “Bitcoin” and “Ethereum”, but also more generic terms like “password”. We suspect that if they find passwords, they feed those into their automation to test agai
  6. I recieved one of those evernote emails stating to change my email due to suspicious behavior,  I knew it was a spam! I never clicked on it, I haven't used Evernote in ages! It came from " team@email.evernote.com

    If you see "TEAM " in front of @ its FAKE!! To be on the safe side I went to the app itself and changed my password just incase, and reset and revoke, and i logged out and uninstall the app because  I haven't used it in ages! 

    Screenshot_20190305-024031_Yahoo Mail.jpg

    Screenshot_20190305-024038_Yahoo Mail.jpg

    1. Rich Tener

      Rich Tener

      Hi sunya, this is not spam. This was from us and is legitimate. The important part of verifying the email is not the name before the @. It's the domain after the @. In this case emails.evernote.com is an official Evernote domain that we send email from. You can verify this by checking out this page:  https://evernote.com/security/tips

  7. Hi @VanessaW, We are always keeping an eye out for suspicious activity and once we start to see a pattern, we take action to protect the affected customers. I appreciate your feedback that we didn’t act as quickly as you expected us to. We are primarily focused on detecting breaches of our service, which this was not. This was someone that knew your password and logged into your account. The number of Evernote customers affected by this issue is a small percentage. While it looks like hundreds of hackers accessed your account from different countries, it is more likely that it was on
  8. Hi @Gamer0987. You are correct that we’ve seen an increase in this type of issue since 2017. And while we are always keeping an eye out for suspicious activity patterns, I appreciate your feedback that we didn’t act as quickly as you expected us to. We are primarily focused on detecting breaches of our service, which this was not. Regarding the second email, we accidentally sent a second email to some of you. It was a mistake on our part and not because we detected suspicious activity on your account a second time. If you have already changed your password or setup 2FA, please ignore the
  9. We accidentally sent a second email to some of you. It was a mistake on our part and not because we detected suspicious activity on your account a second time. If you have already changed your password or setup 2FA, please ignore the second email we sent you.
  10. @airflight, we did not see any evidence of the hacker adding attachments or modifying content. They were only searching and reading the notes that were returned in the search results.
  11. @sam_beh we are starting to get reports from people that found an Android phone instead of an iPhone. These incidents are related, and a lot of the same users are affected.
  12. Hi folks, I lead the security team at Evernote. If you, or the people in your network receive an email from Evernote mentioning that we’ve detected suspicious activity, please know that this is not a hoax or spam message; it’s from us. The Evernote service and our apps are still secure; however, we discovered an unauthorized person testing a list of usernames and passwords that they stole from a site not associated with Evernote. If this person had the correct password for your account, they connected an iPhone app to it; and then used that app to search for cryptocurrency credential
  13. @jefito thank you for the suggestion; we will post more about this type of issue and how it relates to password reuse in broader forum. I wish I could say that this was a one-time event. We detect and respond to multiple groups of people testing stolen credential lists against our service. It's also not unique to us. It's constant activity hitting every major web service. For anyone that would like to see if they are affected by a public breach and have had their password stolen, check out https://haveibeenpwned.com/ It's not an exhaustive list, but shows the importance of using a un
  14. @Rogueblue, if you are using a unique password on your Evernote account that you've never used anywhere else, I'm happy to open a support case to look into your specific situation. It's unlikely anyone stole your Evernote password from us. We only store your password using a secure, irreversible hashing method. Even we don't know what your password is; we can only take the password you enter when you login and run it through the same one-way secure hashing method and compare the result. The unauthorized user isn't targeting you specifically. They are testing a list of stolen usernam
  15. @nathanavish and @bklyngrrl, thank you for the feedback. I realize we aren't meeting your expectations regarding notification and we have both these feature requests filed. @DTLow's advice to post it as a feature request is good. I'll also send this discussion to our product management team. @FloBorge, our service is still secure, but a small percentage of our customers have had their passwords stolen from other sites. The unauthorized person is using a very large network of compromised computers to proxy through, which you and other affected customers see access from different countries.
×
×
  • Create New...