Jump to content
2019 Calendar Templates Read more... ×
Rogueblue

Security and unauthorized access to my account!

Recommended Posts

I am seriously concerned about the security of your app and my notes!
This is the 2nd time within less than 2 weeks that I have noticed a device that is not mine attached to my account.
Please see attached!
I do not own an iphone. I have Never owned an iPhone!!
And I already removed this device a week ago, how is it that it again has access to my account??
This is not acceptable and a violation and security issue for all users over your service and app!

iphone 2_cropped.JPG

Share this post


Link to post

This is 100% happenning with same.

Exactly same issue.

I never owned an iPhone. Nobody in my family does.

If it is a security breach, then it is so dangerous.

If it is evernote's attempt to make me pay, that's too cheap.

Evernote, please take note, this is worth a public tweet I believe.

image.thumb.png.744053150c0b47136a0202992d57ee36.png

Share this post


Link to post

Hi @Rogueblue and @KazimZaidi,

I lead the security team at Evernote. The Evernote service and our apps are still secure. I believe that an unauthorized person has learned your password, possibly because you used the same password on a different site, and that site experienced a security breach. This unauthorized person is using an iPhone app to connect to your account. If you revoked the device, but didn’t change your password, they were able to connect their iPhone app a second time.

You need to take some actions to protect access to your account. 

  1. Change your password to a unique one. Make it one that isn’t easy to guess. Make it one that you don’t use on another web site. Consider using a password manager to keep track of your passwords.
  2. Revoke any Authorized Applications that you are suspicious about or that accessed your account from an IP address you don’t know
  3. Install an anti-malware application on your computer and run it periodically to clean up any known malware.
  4. Setup two-factor authentication on your account, especially if you don’t want to use a unique password on your Evernote account. Even if someone learns your password, they won’t be able to access your account without also stealing your phone.

Share this post


Link to post

Hi Rich. I'm sorry but I think that is rubbish. I work alone and no one has access to my password. And secondly if anyone did, they surely would have no reason to want to access my personal notes as what I save is of no interest to anyone.

I have removed the access twice already. It can only come from Evernote itself!

Share this post


Link to post

@Rogueblue, if you are using a unique password on your Evernote account that you've never used anywhere else, I'm happy to open a support case to look into your specific situation.

It's unlikely anyone stole your Evernote password from us. We only store your password using a secure, irreversible hashing method. Even we don't know what your password is; we can only take the password you enter when you login and run it through the same one-way secure hashing method and compare the result. 

The unauthorized user isn't targeting you specifically. They are testing a list of stolen usernames and passwords and if they find one that works, they are logging in to search for things like cryptocurrency credentials and other passwords.

If you are using your Evernote password on other web services, you might want to check out https://haveibeenpwned.com/ . It's not an exhaustive list, but will tell you some of the public breaches that affected you.

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×