Jump to content

Rich Tener

Level 2
  • Posts

  • Joined

  • Last visited

  • Days Won


Rich Tener last won the day on March 2 2019

Rich Tener had the most liked content!

About Rich Tener

Recent Profile Visitors

7,635 profile views

Rich Tener's Achievements




Community Answers

  1. @Rich Tener

    Dear Rich,

    I have been using Evernote from 2017. I recently noticed that my account was logged in through a couple of devices that are not my own and from different countries I do not live in or have never been to. This is very alarming, and I did not receive any email informing me about this malicious activity. I am attaching the details of those malicious devices with this message. I have changed my password and enabled two-factor authentication. This however will not address the issue if the person involved has downloaded my data and has a local copy of it. I hope some action will be taken on these individuals. I am also posting a copy of this message for the community.

    Thank you. 


    Devices and locations:

    Evernote for Android

    Android-Android-Samsung Galaxy Note10+

    • 06/15/2021
    (Khulna, Bangladesh)


    Evernote for Android

    Android-Android-Huawei HONOR V20

    • 06/28/2021
    (Tirane, Albania)
  2. I would like to use AutoHotkey scripts to access banks etc. EV stores these scripts as attachments in an insecure folder (Evernotes/Databases/Attachments). Even if I delete the scripts from this folder they return when I next use them. How can I save attachments securely?

  3. Unfortunately, I did not get the email notifications about unauthorized access to my Evernote account. I discovered it by accident, and it had been going on from January 2019 (when an unauthorized device was added- also with no kind of notice back to me for confirmation) until I changed the password on April 12. I know we as users need to take responsibility for securing our accounts, but it seems Evernote has known about this situation for quite some time and whatever measures were put in place to help are not working. ~ Thanks.

    1. Attorney Mordekhova

      Attorney Mordekhova

      to whoever it may concern, am I the only one who is not able to resolve tech issues with Evernote? why pay for the software if it does not save the notes and does not back them up? no live person customer support, nobody cares? whats up with that? How do you guys survive in this market?? I keep losing my updated notes every DAY for the past week , nobody seems to know why or offer  a solution 


      I got a couple of lame responses from some tech support person named Joyce who basically told me that there is no problem with my account 




  4. @k8h - as we mentioned in the email: "We believe someone has learned your password from a website or service not associated with Evernote." They didn't learn your password from us. The most likely way they learned it was by stealing it from another site that you used the same password on. @ChrisB009- Your memory serves you correctly, but the email you just received wasn't because Evernote was breached. This was someone learning your password from another site and opportunistically logging into your account. They are automating that process and logging in multiple times as they come up with new things to search for. I agree with you that nothing is 100% secure, but to anyone reading this, if you care about protecting the data in your account, you need to use a unique password or setup two-factor authentication.
  5. @sfatih, we don't have an automatic notification system to notify you when someone logs in from a new country or a new device. I understand that this is a common expectation and I'm working with our engineering teams to prioritize getting those capabilities built into our service.
  6. Hi @tedwlm. To protect your privacy, we never look at what an individual searches for in their account. Instead, we have a process to de-identify and aggregate common search terms across our broader population. When we did this, we saw the same terms being searched consistently across a number of accounts that matched up with the number of affected customers. The search terms included a number of different cryptocurrency terms such as “Bitcoin” and “Ethereum”, but also more generic terms like “password”. We suspect that if they find passwords, they feed those into their automation to test against other services, much the same way they test usernames and passwords against Evernote.
  7. I recieved one of those evernote emails stating to change my email due to suspicious behavior,  I knew it was a spam! I never clicked on it, I haven't used Evernote in ages! It came from " team@email.evernote.com

    If you see "TEAM " in front of @ its FAKE!! To be on the safe side I went to the app itself and changed my password just incase, and reset and revoke, and i logged out and uninstall the app because  I haven't used it in ages! 

    Screenshot_20190305-024031_Yahoo Mail.jpg

    Screenshot_20190305-024038_Yahoo Mail.jpg

    1. Rich Tener

      Rich Tener

      Hi sunya, this is not spam. This was from us and is legitimate. The important part of verifying the email is not the name before the @. It's the domain after the @. In this case emails.evernote.com is an official Evernote domain that we send email from. You can verify this by checking out this page:  https://evernote.com/security/tips

  8. Hi @VanessaW, We are always keeping an eye out for suspicious activity and once we start to see a pattern, we take action to protect the affected customers. I appreciate your feedback that we didn’t act as quickly as you expected us to. We are primarily focused on detecting breaches of our service, which this was not. This was someone that knew your password and logged into your account. The number of Evernote customers affected by this issue is a small percentage. While it looks like hundreds of hackers accessed your account from different countries, it is more likely that it was only one person or a small group. They are using an automation tool that makes it look like they are using an iPhone or Android phone. It isn’t a human logging in with a mobile device, just a machine pretending to be one. Once they discover a username and password that works, they use their automation tool to login over and over, probably as they expand their search for different things. It started as cryptocurrency but could have evolved to other sensitive information types. It looks like they are logging in from many different countries because they are proxying their tool through a large network of devices that spans almost every country. Protecting your account is a shared responsibility between us and you. If you reuse a password on Evernote that you use on other sites, you are putting your data at risk. We recommend that you either setup two-factor authentication or change your Evernote password to a unique one that you don’t use anywhere else. I suggest checking out https://haveibeenpwned.com/ to give you an idea of how many data breaches you might have been included in and change any password that you used on those sites.
  9. Hi @Gamer0987. You are correct that we’ve seen an increase in this type of issue since 2017. And while we are always keeping an eye out for suspicious activity patterns, I appreciate your feedback that we didn’t act as quickly as you expected us to. We are primarily focused on detecting breaches of our service, which this was not. Regarding the second email, we accidentally sent a second email to some of you. It was a mistake on our part and not because we detected suspicious activity on your account a second time. If you have already changed your password or setup 2FA, please ignore the second email we sent you. What was compromised: The unauthorized user searched your account for passwords and cryptocurrency terms and downloaded the notes that we returned in the search results. They didn’t have access to your device; only your Evernote account, and only because they learned your password from somewhere other than us. If you changed your password to one that you don’t use on another site, your account should be secure.
  10. We accidentally sent a second email to some of you. It was a mistake on our part and not because we detected suspicious activity on your account a second time. If you have already changed your password or setup 2FA, please ignore the second email we sent you.
  11. @airflight, we did not see any evidence of the hacker adding attachments or modifying content. They were only searching and reading the notes that were returned in the search results.
  12. @sam_beh we are starting to get reports from people that found an Android phone instead of an iPhone. These incidents are related, and a lot of the same users are affected.
  13. Hi folks, I lead the security team at Evernote. If you, or the people in your network receive an email from Evernote mentioning that we’ve detected suspicious activity, please know that this is not a hoax or spam message; it’s from us. The Evernote service and our apps are still secure; however, we discovered an unauthorized person testing a list of usernames and passwords that they stole from a site not associated with Evernote. If this person had the correct password for your account, they connected an iPhone app to it; and then used that app to search for cryptocurrency credentials. You need to take some actions to protect access to your account. Change your password to a unique one. Make it one that isn’t easy to guess. Make it one that you don’t use on another web site. Consider using a password manager to keep track of your passwords. Revoke any Authorized Applications that you are suspicious about or that accessed your account from an IP address you don’t know Install an anti-malware application on your computer and run it periodically to clean up any known malware. Setup two-factor authentication on your account, especially if you don’t want to use a unique password on your Evernote account. Then, even if someone learns your password, they won’t be able to access your account without also stealing your phone.
  14. @jefito thank you for the suggestion; we will post more about this type of issue and how it relates to password reuse in broader forum. I wish I could say that this was a one-time event. We detect and respond to multiple groups of people testing stolen credential lists against our service. It's also not unique to us. It's constant activity hitting every major web service. For anyone that would like to see if they are affected by a public breach and have had their password stolen, check out https://haveibeenpwned.com/ It's not an exhaustive list, but shows the importance of using a unique password on every web site you use or setting up 2FA.
  15. @Rogueblue, if you are using a unique password on your Evernote account that you've never used anywhere else, I'm happy to open a support case to look into your specific situation. It's unlikely anyone stole your Evernote password from us. We only store your password using a secure, irreversible hashing method. Even we don't know what your password is; we can only take the password you enter when you login and run it through the same one-way secure hashing method and compare the result. The unauthorized user isn't targeting you specifically. They are testing a list of stolen usernames and passwords and if they find one that works, they are logging in to search for things like cryptocurrency credentials and other passwords. If you are using your Evernote password on other web services, you might want to check out https://haveibeenpwned.com/ . It's not an exhaustive list, but will tell you some of the public breaches that affected you.
  • Create New...