Jump to content


Level 1
  • Content Count

  • Joined

  • Last visited

Posts posted by johnqjx

  1. On 9/8/2018 at 7:25 AM, Rich Tener said:

    Hi everyone,

    I lead the security team at Evernote. Our security team recently discovered a credential stuffing attack against our service. An unauthorized person has been testing a list of passwords stolen from a site not associated with Evernote. For the small percentage of our users that were affected, the unauthorized individual connected an iPhone to their Evernote account and ran multiple searches, most likely looking for cryptocurrency credentials. For many Basic-tier users, this pushed them over their device limit.

    We've been experiencing significant delays with delivering suspicious login notification emails. I'm sorry about that and are working on fixing that notification service.

    The Evernote service is still secure, and we are planning to act to protect the affected users. We will be notifying them, revoking the unauthorized iPhone, and expiring their password. The recommendations in this thread about using a complex password and setting up 2FA are good. You can also find some helpful tips here: https://evernote.com/security/tips 

    If you have any additional questions, feel free to ask.

    Hi @Rich Tener,

    My account has been compromised as well. Would it be possible to verify if any changes were made, and what notes were accessed? Basically a way to evaluate the breach. Thank you!

  • Create New...