datguy348

Unfortunately my Evernote account was compromised on Wednesday March 15th and sensitive financial data was stolen. I watched the hack take place realtime and it was heart breaking. I did not have 2FA enabled. Correct me if I'm wrong, but on the free plan only two devices should be allowed. My phone and my computer, that's it. Here's a timeline of events: 12:05PM - Receive an email notification from Evernote that someone tried to log in. Evernote mentions they have blocked new logins until they can verify it's me. I was never verified. 1:54PM - Receive an email notification of a new login from an IP in Wyoming (turns out to be a TOR Exit Node address). I end up disabling access 2:48PM - Receive an email notification of a new login from an IP in Germany (turns out to also be a TOR Exit Node address. I scramble to change pw and check data and to my horror I realize it's stolen Is there an exploit going around targeting Evernote accounts or was I the victim of a targeted attack? How was this user allowed to access when there is a two device limit and none were removed? Thanks