Account Compromised? Please read.

[amanda_h 300]

Hi all,

Our security team is actively investigating an issue where some users are receiving emails from Evernote indicating notes have failed to be emailed from their account. It looks like this may have happened to accounts that utilize the same password on multiple websites. If you believe your account has been accessed by someone else, we suggest you do the following:

1. Change your password immediately. Choose a unique password that you don’t use on another website.
2. Review the list of Authorized Applications for your account. Revoke access to any applications that you are suspicious of or that accessed your account from an IP address you don’t know.
3. Set up two-step verification on your account as an additional layer of security.

Lastly, be sure to never share your account login with anyone else.

[JMichaelTX 4,117]

14 hours ago, amanda_h said:

Our security team is actively investigating an issue where some users are receiving emails from Evernote indicating notes have failed to be emailed from their account.

Thanks for advising us of this issue.

14 hours ago, amanda_h said:

t. It looks like this may have happened to accounts that utilize the same password on multiple websites.

To All Readers:

I agree with @amanda_h that you should always use a unique password for every web site/login.

To make this easy to manage, you can use a password manager like 1Password, which I highly recommend, or like LastPass.  There are other choices.  Using 1Password, once I log in to 1Password during a session, I can quickly auto-fill the UserName and password for every web site I visit, using a hotkey (that you can assign).

[GiacomoLaw 134]

@JMichaelTX But couldn't the master password be hacked, and then they have access to all your passwords?

Never liked the idea of password managers  

[upnix 36]

1 hour ago, GiacomoLaw said:

@JMichaelTX But couldn't the master password be hacked, and then they have access to all your passwords?

Never liked the idea of password managers  

I suppose it's a trade off to consider, but if you've chosen a good password (and it can be a good one, because it's the only one you need to remember) I doubt it could be "hacked." I think the biggest risk would be unlocking the password database on a computer with a keylogger.

What you've gained by using the password manager is the ability to use unique and impossibly hard passwords everywhere. Trying to create and remember good and unique passwords for every possible site seems much harder to accomplish than keeping your one password safe. I also think it's much more likely that bad guys will come across a password of yours from any one of the numerous sites you have an account on, rather than your password database.

I litter my password database all over the place as I think the biggest risk is losing access to it, and thereby losing access to everything. I put it on USB keys and give it to friends, it has it's own publicly accessible (but hopefully unknown) TinyURL. Once a year I change all the passwords to sites that I figure are "sensitive" (like my bank), and also change my master password. I suspect this is overkill.

 

Your mileage may vary, of course.

[DTLow 5,736]

4 hours ago, GiacomoLaw said:

But couldn't the master password be hacked, and then they have access to all your passwords?

If you have a strong password, you have less danger of being hacked
With a password manager; all your passwords are strong and unique for each site
- and you only have to remember one password

On my iPad I actually use my fingerprint to access LastPass (danger is reduced to my fingers being hacked)

[JMichaelTX 4,117]

3 hours ago, GiacomoLaw said:

@JMichaelTX But couldn't the master password be hacked, and then they have access to all your passwords?

Anything is possible, but, as the other guys have posted, hacking your master password in a password manager that runs ONLY on your local machine is very unlikely, especially if you use a very strong password for it.

Your master password is NEVER transmitted anywhere, unlike all the passwords you enter into online accounts.

Perhaps it has happened, but in 20+ years, I have never heard of anyone's master password on their local machine being hacked.

[Naman Sudan 0]

Hi, I bought the premium subscription on my phone and it works. But when I use Evernote on my mac, it shows that I have the basic subscription and not the premium one. Hence I am unable to use the premium features that I have paid for. Wtf am I supposed to do guys? Help me, ASAP.

[gazumped 11,661]

8 hours ago, Naman Sudan said:

Hi, I bought the premium subscription on my phone and it works. But when I use Evernote on my mac, it shows that I have the basic subscription and not the premium one. Hence I am unable to use the premium features that I have paid for. Wtf am I supposed to do guys? Help me, ASAP.

Hi.  Try syncing the Mac to update the settings - worst case,  log out of Evernote,  restart the Mac and log back in.  - And please start a new thread if you're raising a new query...

[righteousdork 203]

On 3/16/2017 at 10:39 AM, GiacomoLaw said:

@JMichaelTX But couldn't the master password be hacked, and then they have access to all your passwords?

Never liked the idea of password managers  

LastPass was a game changer for me.

I'm not a hacker, but I have to think they're looking for the weakest links (Yahoo perhaps) and other places where the security is lax, and maybe the servers aren't updated regularly.  LastPass could go out of business tomorrow if they don't take this stuff seriously. That helps me trust them.  I assume their employees like to put food on the table just like me.

[gbarry 2,658]

Update to this topic here: