Hello,
This is my first post. I have decided to post to bring attention to the user community.
I had opened my account ten years ago. Evernote was a stellar note taking app at the time, when there were almost none on the market.
Over the years I have met my years on my mobile phone Notes app.
I received an email this morning that my account was accessed in some outlandish country. I have not used the app, which I have uninstalled for lack of use, nor logged into my account from the web. So this was a shocker to me. I was further shocked to find out that my account was being accessed from pariah states such as the Republic of North Korea, Vietnam and Venzuela over the last two months (please see account access log screenshot attached).
NOT ONCE I was approached by Evernote to verify it was me accessing the account before this morning. This didn't trigger any red flags considering I have never been to those countries and I have never used an Android device. Of course, as a non-premium user, I am not entitled to check on devices login into my account or to use two factor authentication. Could this have been a marketing gimmick? I surely hope not.
This really got me thinking why isn't Infosec team at Evernote monitoring account access? Why did it take two month to be notified.
Just gone ahead and opened a support ticket. My heart is set to close the dormant account anyways, but I think a platform with 250 million users deserve better security practices as the last breach was in 2013, which is really way back in time. My intention is to raise attention of executives in Evernote to take security more serious and prevent such incidents for other users.
Warm regards ..
PS: please find my access log screen shot