I've changed my password right when i saw the message. My account was linked to my google account so i didn't think there was a separate password. I changed that recently to something much more complicated. I do agree that the bad actors probably found the password through the dark web and used it. I just wasn't aware that there was even a separate password, even when im connected through my google account.
Regarding the name "scannable" is it possible they spoofed the device name? I attached a quick picture. The android one is me.
I am asking since i had some sensitive information ie, social security info, on my evernote. It has since been deleted but i'm trying to figure out what my next step is.