Rich Tener

@addmoo The notification emails you received after you changed your password are just delayed. Our email systems queue the outbound emails and may try to deliver for a couple of days before they give up and let you know. If you don't see any unexpected access in your Access History, you successfully kicked out whoever was using your account to send the emails.

Our email system may continue to retry sending an email, even after you change your password and revoke any connected devices and sessions. The notifications are just delayed and not an indication that someone is still using your account to email notes. When we received reports about the bounced emails, I reviewed the activity patterns and saw similar behavior across most of our affected users. Not always though. In many cases, it wasn't clear whether the account login was suspicious until the account started sending emails. I agree that this type of activity is something that our users want to be notified about. We are working on adding a feature to our service that will notify you whenever someone logs into your account from a new device or network location. For the users that received bounce notification emails from our service, we haven't found any evidence that the person that accessed your account read any of your notes. They only seem to be using Evernote accounts to deliver spam by creating a new note, emailing that note, and then deleting that note.

Hi, I lead Evernote's security team and can help answer some of your questions. Someone could have learned the password to your account in a variety of ways. The most common situation is when you use your Evernote password on another web site and that other web site gets hacked. Another possibility is that you entered your Evernote password on a computer that was infected with malware and the malware sent it to someone who collects and then uses or sells those collected usernames and passwords. To keep your data safe, change your password to a strong one that you only use on Evernote and setup two-step verification. That will make it very difficult for someone to break into your account.

Hi everyone, I'm the head of security here at Evernote. I wanted to let you know that I understand your requests for full note and notebook encryption. I'm an advocate for expanding our encrypted note text feature to include one or both of those and I appreciate everyone's input on this thread. As a few people mentioned, adding these features requires time and resources. Building these isn't a business priority for our product teams right now, so we don't have any plans or timelines to add those features.