Yes to encryption, and certainly 2FA is far better than 1FA....but consider the weaknesses of 2FA pointed out in the following blog: https://sites.cns.utexas.edu/oit-blog/blog/can-two-factor-authentication-be-hacked My vote would be for encryption, or don't store critical data on a cloud-based app.
Same type of hack as OP. Was notified by Evernote of login from foreign remote IP (below). We noticed a new login to Evernote and wanted to make sure it was you. Where: South Korea When: 2018-08-28 04:22 UTC I did have a weak password, and did not have much in the way of docs at risk. Easy fix to hack, but they are out there.....careful on your passwords. Maybe multi-step authentication?