marstone

1 hour ago, DTLow said:

I find it a good practice to encrypt my sensitive data.

Regardless, do you have any evidence your data has been compromised.  Evernote data is secured by an account  password

There is no direct evidence to prove my password is compromise by Evernote.

my surmises are based on:
1) Evernote is the only place i stored my cryptocurrency credentials
2) Multiple coin accounts(>= 5) of different type cryptocurrencies(3) are stolen in the same day, they are stored in a single note in Evernote. So I'm sure my Evernote data is compromised, but not sure it is from my password(a), or my devices(b), or direct server side database(c) hacking?
a. For password: I don't find suspicious "Access History" from Evernote settings. but because it is only show the last 3 months logins, from Sep 7th (just the same day my coins were stolen), so maybe the hacker logged in before that day. My password is not weak but also used in some others sites, so there is a small risk that it is leaked from other sites without a password salt
b. For devices: The notes are synchronized between my mac & pixel phone with carefully use, they look fine.
c. For Evernote server side security, I'm not sure. could hackers obtain my plain text data without my password? I see Tener said only a small percentage users affected, are some earlier notes not encrypted?

On 9/23/2017 at 2:05 PM, Rich Tener said:

@Artgirlofnm: Personal developer tokens are access tokens we let customers create who want to develop an application that integrates with our service. These tokens are not created by Evernote or its employees and use a similar authorization mechanism to our own Evernote clients.  The tokens are being used by the unauthorized users because they provide direct access to our API and make it easier for them to search for sensitive information. Revoking all applications removes it, so you don't need to worry about it. You are correct about your IP address changing. It will change every time you connect to a new network.

@xvisto: Unfortunately, we don't have your access history readily available, but we do know that the access happened sometime in August and September. We believe that the unauthorized person accessing Evernote accounts was specifically looking for cryptocurrency credentials.

that's really bad news for me.

I stored all my cryptocurrency credentials on Evernote and now i find that all my coins (worth 10k+ dollars) are stolen around September, 7th
I know it is my fault to fully trust Evernote to even store secret keys online
Now it is a really big lost for me.

What should I do/Any suggestions? my coins are mainly Ripple & Stellar