Hi, I received an email at the end of last week warning me of a security breach in my Evernote account. Rich Tener from Evernote posted a reply to other concerns of the same nature. He said that one person using an iPhone obtained the username/password from another site and was 'trying' out the details in an attempt to obtain cryptocurrency information. This is in fact not true. Firstly, I received my first notification from Evernote only last week, however, when logging into my Evernote account (prompted by the alert) and checking the activity report, hundreds of people have been gaining access to my account from various places around the globe for the past two months (this is as far back as my activity monitor appears to let me go – it has likely been going on for much longer than that). In just one day, my Evernote account was being accessed by a person in Indonesia, another in India, another in Jakarta, and so on. Multiple access from multiple countries in just one day! How is it that I only received a "suspicious activity" email now? How does this type of activity over a period of months not send red flags to the Evernote security team? I have also been receiving blackmail emails from multiple people – sometimes several a day – my "password" was mentioned in the subject line of the email. I started receiving blackmail emails last year using my Evernote password in the subject line, clearly to get my attention and force me to open the mail! On opening the email, the sender said that they had my password and had accessed my computer. As it happened, one of my computers did indeed use that password (yes, a bad security practice on my part, I know!). The blackmailer was trying to get me to cough up $6000 to keep quiet about some "online activity" that I'd supposedly been involved in – in fact, they said they had gained access to my computer and "recorded" me and unless I paid up, those recordings would be circulated to everyone in my contacts list. Fortunately, I was able to safely ignore the emails, but I'm sure there are many people who are not in such a position and who also don't understand technology well enough to know what is and is not possible, only to cough up insane amounts of money to protect their reputations. I was also lucky in that I had no information in Evernote because I never really got to use the app. But what about other users, Evernote clients who have highly sensitive information in their accounts? There were only two other websites I had used that particular password on and I immediately went onto those sites last year and changed the password. I had completely forgotten about Evernote because I never use it. But the emails kept coming. I continued to ignore them. Whether the breach originated in Evernote cannot be known for sure, but I can say that since I changed my Evernote password last week, I've not received another blackmail email. I understand that breaches happen to even the best of systems, but I am very concerned about the "security" of a system that allows hundreds of people to access an account over a period of months from multiple "vast" geographical destinations in the space of just a day, every day, and pick that up only now???? I have attached a screenshot of that activity ..... this kind of activity completely undermines the integrity of the Evernote system. I feel an obligation to warn other Evernote users of this severe breach, particularly those who store sensitive information in their Evernote apps - it's not just a case of one person using an iPhone as Evernote has made out (my hundreds of hackers have used Android phones).