DisappointedUser

I don’t doubt this is the highest possibilities. 2FA would have stopped it. The cost Is negligible to Evernote. I just wonder why didn’t get the alert email during the other logins though it was obviously done on a new device? The cost to the email would have been negligible as well.

My issue is different. My account was hacked over two months ago and accessed from Russia, N Korea, Venezuela, Vietnam amongst other countries and only two after two months that I was contacted by email by Evernote to ask if I really logged from Venzuela. When I logged in after a password reset, I was shocked that I was never alerted on over two months of unauthorized access. Evernote requires you pay to have two factor authentication or to see a list of devices that logged onto your account. I have a support ticket open and intend to close my account after I hear their explanation. It is a massive Infosec practice if you ask me to witness this in a company with 250 million active users.

Hello, This is my first post. I have decided to post to bring attention to the user community. I had opened my account ten years ago. Evernote was a stellar note taking app at the time, when there were almost none on the market. Over the years I have met my years on my mobile phone Notes app. I received an email this morning that my account was accessed in some outlandish country. I have not used the app, which I have uninstalled for lack of use, nor logged into my account from the web. So this was a shocker to me. I was further shocked to find out that my account was being accessed from pariah states such as the Republic of North Korea, Vietnam and Venzuela over the last two months (please see account access log screenshot attached). NOT ONCE I was approached by Evernote to verify it was me accessing the account before this morning. This didn't trigger any red flags considering I have never been to those countries and I have never used an Android device. Of course, as a non-premium user, I am not entitled to check on devices login into my account or to use two factor authentication. Could this have been a marketing gimmick? I surely hope not. This really got me thinking why isn't Infosec team at Evernote monitoring account access? Why did it take two month to be notified. Just gone ahead and opened a support ticket. My heart is set to close the dormant account anyways, but I think a platform with 250 million users deserve better security practices as the last breach was in 2013, which is really way back in time. My intention is to raise attention of executives in Evernote to take security more serious and prevent such incidents for other users. Warm regards .. PS: please find my access log screen shot