I received the same email and changed my password. Seems several logins from off shore of the US was successful over the past few weeks. This is nothing new - look back in history. Evernote was hacked several years back (around 2013 I believe). If memory serves me - Evernote required all 50MM accounts to change passwords. My rule of thumb; I don't store any sensitive information on the web unless I don't care if it's compromised / stolen. Nothing is secure regardless of how intense one tries to safeguard as the security was built by man - it can be defeated by man (coming from someone who worked in cryptology).