There is no direct evidence to prove my password is compromise by Evernote.
my surmises are based on:
1) Evernote is the only place i stored my cryptocurrency credentials
2) Multiple coin accounts(>= 5) of different type cryptocurrencies(3) are stolen in the same day, they are stored in a single note in Evernote. So I'm sure my Evernote data is compromised, but not sure it is from my password(a), or my devices(b), or direct server side database(c) hacking?
a. For password: I don't find suspicious "Access History" from Evernote settings. but because it is only show the last 3 months logins, from Sep 7th (just the same day my coins were stolen), so maybe the hacker logged in before that day. My password is not weak but also used in some others sites, so there is a small risk that it is leaked from other sites without a password salt
b. For devices: The notes are synchronized between my mac & pixel phone with carefully use, they look fine.
c. For Evernote server side security, I'm not sure. could hackers obtain my plain text data without my password? I see Tener said only a small percentage users affected, are some earlier notes not encrypted?