Gamer0987

12 minutes ago, CalS said:

If you don't want to use EN anymore, export your notes to HTML format, delete them all in EN, sync, then use settings on the web to delete the account.

If you want to continue to use EN, export your notes to ENML format by notebook, delete your account using the settings menu on the web,.create a new account, import the notes you exported.  Change your password on some period that feels comfortable to you after that.  If you gave access to EN to any secondary sites they will not work anymore.  

Hi @CalS

Thank you for your reply.

The 2nd part of your post is very informative - about the possibility of getting back on EverNote.

I was actually just waiting for confirmation from @Rich Tener about the deletion of Username and Pwd data from EN's database since I read about it as a given option. But someone from the CS Team has just given me the answer I needed for that too. Which, to whoever (to save yourself some accusations and trolling) else needs to know, is an affirmative one. 

Thank you both.

(tagged you both as an update so that no further replies needed)

1 minute ago, eric99 said:

In this case, there is no need for security improvements by evernote, but by yourself: you can't blame evernote that you used a single password for several accounts.

You assumed that (according to your accusation: I used 1 pwd for several accounts) - I didn't so it means, not my fault. Yeah, ok. EverNote doesn't need security improvements, sure. 😂 Seesh. So high on the defensive. Like some EverNote fan crazy forum.

1 minute ago, DTLow said:

Hackers have access to your device?  Is this Evernote related?

Late for a quip. /Yawn/. It's not even addressed to you. So take your wannabe-smart trolling elsewhere.

On 3/5/2019 at 3:25 AM, Rich Tener said:

Hi @Gamer0987. You are correct that we’ve seen an increase in this type of issue since 2017. And while we are always keeping an eye out for suspicious activity patterns, I appreciate your feedback that we didn’t act as quickly as you expected us to. We are primarily focused on detecting breaches of our service, which this was not.

Regarding the second email, we accidentally sent a second email to some of you. It was a mistake on our part and not because we detected suspicious activity on your account a second time. If you have already changed your password or setup 2FA, please ignore the second email we sent you.

What was compromised: The unauthorized user searched your account for passwords and cryptocurrency terms and downloaded the notes that we returned in the search results. They didn’t have access to your device; only your Evernote account, and only because they learned your password from somewhere other than us.

If you changed your password to one that you don’t use on another site, your account should be secure.
 

Thanks, @Rich Tener for your reply and assurance.

I know you and your team have been avoiding answering my biggest question as above but I hope that with some honesty and probably security improvements in the near future you guys will gain the trust of more users but:

Will asking for a deletion of my account remove my data from your databases and servers (will it be removed completely?)? - hence preventing existing user data from getting stolen by whatever 3rd party site?

Thank you.

Hi. It's 2019. This problem has been ongoing since 2017. Actually, why hasn't your security to safeguard your users improved yet?

This happened to me twice in a week. Your first warning email to me was on the 28th of Feb 2019. When I checked my list of devices, I saw a foreign "iPhone" which was logged in "3 MONTHS AGO". 3 months is a very long time. But nevermind, I revoked it and changed to a new strong password (yes symbols used, numbers, alphabets, long - like it was before as well). But today, 3 March, I received the same "Reset your password" email again. This is the 2nd time in the week. Obviously whatever site your hacker is getting our information from, clearly still has access to our login information; refreshed for him daily. So OK, honestly, I want this to stop (compromising the security of my device and other accounts) and I'd like some help and answers.

Can you tell us what was compromised? Is it only the notes in EverNote? Or was/is it possible for the hacker to access other information on our devices through EverNote?

Will asking the EverNote Team to delete my username and password stop "giving" access to my device to said hacker?

Will uninstalling EverNote (after requesting for deletion of Username and Password) actually stop compromising my device's safety further?

Hope to hear from you guys soon. Thanks!

@Rich Tener @gbarry