(Archived) Support confirms my unsynced notes are irrecoverable with the password reset

[JonathanM 0]

Hi everyone,

 

Some bad news for me and some of your trying to recover lost notes.  I had a days worth of unsynced notes on the my iPhone which were deleted when the password reset was activated.  After dealing with premium support for several days this is the message I received today:

 

 

 

Ticket # 16051-250333

Dear valued customer,

 

I apologize for the inconvenience this has caused. Unfortunately any notes that were not synced to our severs when the password reset went into effect are gone. I am truly sorry for the data loss that you have now had.

 

Thank you for your continued patience.

 

Summer

 

Evernote Support

 

I'm not happy with this at all and as a paying customer I will be seeking redress. What is clear now is that Evernote for no reason what-so-ever remote wiped Evernote on user's iPhone with no warning or notification to allow users to copy their data.  I would not have minded having to copy-paste unsynced notes across before resetting the account but no opportunity was given.  I feel extra sorry for those who have never synced their notes... deleting users data is just the worse thing Evernote could have ever done.

[gazumped 11,656]

Hi Jonathan.  I'm sorry you lost your data,  and I can imagine your frustration - I had a similar problem with an Android app that informed me I had unsynced notes that would be lost if I quit out of the app (to end the current session and allow me to reset the password).  In the event I found out about the app updates that had been issued from posts here,  and once I downloaded and installed the update there was no more mention of unsynced notes.  Either doing things in that order fixed the problem or - equally likely - just suppressed the error and my unsynced note changes were lost anyway.

 

You'll obviously continue your dialogue with Evernote,  but I'm not going to bother raising this.  Evernote don't make any commitment (that I'm aware of) to hold your data safe unless and until it hits their servers.  And your data wasn't 'remotely wiped',  it was simply data that was lost from your iPhone because it was part of the app processes that crashed when the connection to the servers was lost.  The same would have applied if you quit the application for any other reason without completing the sync to the server,  and the way to minimise that risk is to make sure you sync successfully at the end of any activity so your data is safe.

 

Evernote,  I think,  took the only action they could in light of a raid on their (and our) password store - they effectively invalidated all passwords so that all users were forced to re-validate their session and change them.  It was the only way to absolutely safeguard user data against possible further attack,  and I'm grateful they had the sense -and the nerve- to do that.

 

Almost none of the millions of Evernote users seem to have come out of the experience without inconvenience or some kind of data loss.  But arguing about what they 'should' have done is a pointless exercise in hindsight - it's also a bit like air passengers who survived a disaster through the inspired actions of the pilot, then suing him for bruises incurred in the landing.

 

Using electronic means to record data is inherently risky - anyone who's lost data to a spreadsheet crash,  the BSOD,  fat finger syndrome or a laptop's evil ability to run out of battery when you're 90% through something essential can testify to that.  

 

Evernote's support team have been working heroically to get people reconnected with their 'lost' data wherever possible. In many cases they seem to have been successful.  If you're now convinced though that your data is lost,  I'd suggest you're better off spending time reconstructing what you can rather than trying to make a case that they should have done better.

 

Again - I understand and sympathise with your frustration at the loss;  this is just my current point of view.

[BurgersNFries 2,407]

Hi everyone,

Some bad news for me and some of your trying to recover lost notes. I had a days worth of unsynced notes on the my iPhone which were deleted when the password reset was activated. After dealing with premium support for several days this is the message I received today:

Ticket # 16051-250333

Dear valued customer,

I apologize for the inconvenience this has caused. Unfortunately any notes that were not synced to our severs when the password reset went into effect are gone. I am truly sorry for the data loss that you have now had.

Thank you for your continued patience.

Summer

Evernote Support

I'm not happy with this at all and as a paying customer I will be seeking redress. What is clear now is that Evernote for no reason what-so-ever remote wiped Evernote on user's iPhone with no warning or notification to allow users to copy their data. I would not have minded having to copy-paste unsynced notes across before resetting the account but no opportunity was given. I feel extra sorry for those who have never synced their notes... deleting users data is just the worse thing Evernote could have ever done.

Did you simply change your password? Did you do an uninstall?

[JonathanM 0]

Burger - I simply followed the prompt for the password reset.  When re-logging into Evernote on the iPhone with the new password it re-synced straight away; deleting the un-synced notes :-(

 

 

 

Gazumped - you have your point of view which I understand; but the sole reason that I made the decision to pay for Evernote Premium was so I could have full off-line access on my iPhone (it isn't possible in my area to always have mobile data) so this has doubled my frustration!

 

I can understand a password reset but not forcing a remote re-sync - which is a remote wipe of the existing device data. 

[heather 604]

I'm truly sorry that this happened.

 

In a very small percentage of cases, a small number notes that were unsynced on iDevices that did not have the latest version of Evernote for iOS installed may not be recoverable. We're collecting logs and running additional tests on these devices to try to recreate data.

 

Remember, all images taken through Evernote are saved to the Camera Roll (unless you specifically disable this feature), even if the note has not yet synced, so if you had unsynced image notes, please check your Camera Roll.

 

If you have found after logging in that *all* of your data has disappeared, then you are almost certainly logged into an alternate account that you may have forgotten you had created. Please try logging out and logging in again with alternate email addresses/usernames, so that we can attempt to locate your data.

 

Additionally, there's a separate case where users may have been logged into their iDevice with their *email address*, then updated their password on our website, and then logged back in with their *username*. While it is ostensibly the exact same account, Evernote would treat it as a different account locally.

 

If you try logging out and logging back in, but with your *email address* (or vice versa), you may find your notes again.

[Affiliatenote_test 0]

Heather

 

I'm truly sorry that this happened.

 

In a very small percentage of cases, a small number notes that were unsynced on iDevices that did not have the latest version of Evernote for iOS installed may not be recoverable. We're collecting logs and running additional tests on these devices to try to recreate data.

 

Remember, all images taken through Evernote are saved to the Camera Roll (unless you specifically disable this feature), even if the note has not yet synced, so if you had unsynced image notes, please check your Camera Roll.

 

If you have found after logging in that *all* of your data has disappeared, then you are almost certainly logged into an alternate account that you may have forgotten you had created. Please try logging out and logging in again with alternate email addresses/usernames, so that we can attempt to locate your data.

 

Additionally, there's a separate case where users may have been logged into their iDevice with their *email address*, then updated their password on our website, and then logged back in with their *username*. While it is ostensibly the exact same account, Evernote would treat it as a different account locally.

 

If you try logging out and logging back in, but with your *email address* (or vice versa), you may find your notes again.

 

 

Heather I am using Android EN 4.5.4 - I have unsync'd notes on my device, and have not yet updated my password for this reason. Is it possible to export the offline notes/notebooks and then reimport them once the account is reauthorized? Reauthorizing now will close the current session on my mobile device and the notes will be lost.

[jefito 5,589]

Heather I am using Android EN 4.5.4 - I have unsync'd notes on my device, and have not yet updated my password for this reason. Is it possible to export the offline notes/notebooks and then reimport them once the account is reauthorized? Reauthorizing now will close the current session on my mobile device and the notes will be lost.

I think that this may help: http://discussion.evernote.com/topic/29382-%E2%9C%94-changing-password-in-android/?p=192464

[B Schuette 0]

This is completely ridiculous.  Killing all active passwords on a system that is going to wipe unsynced notes when you re-sign in without an email warning to the account holder or some type of message is completely irresponsible.  I understand why it was done, but we have to pay for your poor security.

 

Didn't it occur to you that by disconnecting remote devices from the network you most certainly would be stranding some notes on the remote device?

 

This is a fine way to end my assessment of Evernote for use in our enterprise.  It made my decision very easy.  I will not recommend its use and I most certainly will be informing colleagues throughout my sphere of influence to find another solution as this vendor does not care about its users, only themselves.

 

It would have been  very easy to set things up to preserve remote device files in the event of an issue like this.  Please!   

 

Very dissappointing!!

[jefito 5,589]

@B Schuette:

Yes, this is disappointing, to the users who lost data, and I'm sure to Evernote itself. As best I understand it, most mobile clients did not lose unsynched notes; those that did lost them because of a bug (or bugs) in the client software. As I'm sure you know, bugs can be difficult to find and fix, and it appears that this had fallen through the cracks. Because they didn't know about the bugs, they most likely reckoned that killing the passwords was safe, though being realists, I'm sure that they suspected that something like this might happen. There is a difference between suspicion and proof, though. As it was, most of the online articles about the hack that I read faulted Evernote for their encryption choices, but praised them for speedy and responsible response to the breach, so it's a bit of a mixed bag.

Sorry that this affected your assessment of Evernote as a solution for your business. The breach might give you pause, but Im pretty sure that Evernote does care about the safety of its users and their notes. Good luck anyways.

[gazumped 11,656]

This is completely ridiculous.  Killing all active passwords on a system that is going to wipe unsynced notes when you re-sign in without an email warning to the account holder or some type of message is completely irresponsible.  I understand why it was done, but we have to pay for your poor security.

 

Didn't it occur to you that by disconnecting remote devices from the network you most certainly would be stranding some notes on the remote device?

 

This is a fine way to end my assessment of Evernote for use in our enterprise.  It made my decision very easy.  I will not recommend its use and I most certainly will be informing colleagues throughout my sphere of influence to find another solution as this vendor does not care about its users, only themselves.

 

It would have been  very easy to set things up to preserve remote device files in the event of an issue like this.  Please!   

 

Very dissappointing!!

 

If you read the links in the posts above,  it appears that "killing passwords" didn't necessarily "wipe unsynced notes" in the first place - we're all just getting to grips with exactly how to recover from these situations, and jumping to the conclusion that "this vendor does not care about its users only themselves" is not only illogical,  but completely unsupported by any posts or comments so far.

 

Evernote were in the position of having defeated a very professional hack attack but were aware that their very large user base could be at risk in a matter of hours or days if the encrypted password database was breached.  They enforced a password change on all users to protect our data,  but the size of the user base and the very nature of email sending means that everyone could not be warned of this reset in advance.  I'd bet that some emails still haven't arrived.

 

Evernote is a cloud storage service, which uses clients on devices without local hard drives that depend on a network connection to the server to save data. Any user saving 'local' notebooks on such a device deserves a medal - you simply can't do that.  Every other note is a temporary file waiting transmission to the server.  Any user of such a client should be aware that syncing with the server is as essential as hitting 'save' in a desktop menu,  and exiting the app before doing that will cause data loss.

 

If anyone lost hundreds of notes,  then - all due respect - that's at least as much a user issue as it is the app provider.  If I can't sync I always want to know why as q

 

 

Edit: Heh.  Very much a case in point - I just went on typing happily,  having apparently fat-fingered a key combination that saved the post!  Lost a few paragraphs that I won't repeat;  summary -

 

I think Evernote did their best to protect our interests,  and I know they're moving heaven and earth to fix any resulting problems.  They're not the bad guys here.  Let's let them get things sorted out and stop sofa coaching them how they should have done their job!

[BurgersNFries 2,407]

This is completely ridiculous.  Killing all active passwords on a system that is going to wipe unsynced notes when you re-sign in without an email warning to the account holder or some type of message is completely irresponsible.  I understand why it was done, but we have to pay for your poor security.

 

Didn't it occur to you that by disconnecting remote devices from the network you most certainly would be stranding some notes on the remote device?

 

This is a fine way to end my assessment of Evernote for use in our enterprise.  It made my decision very easy.  I will not recommend its use and I most certainly will be informing colleagues throughout my sphere of influence to find another solution as this vendor does not care about its users, only themselves.

 

It would have been  very easy to set things up to preserve remote device files in the event of an issue like this.  Please!   

 

Very dissappointing!!

 

 

 

@B Schuette:

Yes, this is disappointing, to the users who lost data, and I'm sure to Evernote itself. As best I understand it, most mobile clients did not lose unsynched notes; those that did lost them because of a bug (or bugs) in the client software. As I'm sure you know, bugs can be difficult to find and fix, and it appears that this had fallen through the cracks. Because they didn't know about the bugs, they most likely reckoned that killing the passwords was safe, though being realists, I'm sure that they suspected that something like this might happen. There is a difference between suspicion and proof, though. As it was, most of the online articles about the hack that I read faulted Evernote for their encryption choices, but praised them for speedy and responsible response to the breach, so it's a bit of a mixed bag.

Sorry that this affected your assessment of Evernote as a solution for your business. The breach might give you pause, but Im pretty sure that Evernote does care about the safety of its users and their notes. Good luck anyways.

 

In addition to what Jeff said (or maybe it's just expounding on it), I suspect EN had to weigh "a minority of users losing unsync'd data" vs "all users hackable."  IMO & IME, I prefer to not keep important notes on only one device/computer & certainly not a mobile one, which is more easily lost/stolen.  OTOH, I do realize there are people who go somewhere with no internet access & have to do so.  I've also been assured by an EN "higher up" that this was tested & they could not reproduce.  So it's really hard to determine all the factors going on with those who lost data.  Anyway, I guess IMO, for the most part, those who had "important" notes that were not sync'd seemed to be the ones who lost data - not those who had sync'd their data.  And as I said, if notes are very important, IMO, there is a responsibility on the user to CYA.  (So to speak.) 

[Martin Packer 162]

In future rather than deleting all unsynced notes maybe they should be put in a "possibly suspicious" state. Once control has been definitely re-established for the account they could be selectively whitelisted.

 

But, of course, that would take some programming...

[B Schuette 0]

This is completely ridiculous.  Killing all active passwords on a system that is going to wipe unsynced notes when you re-sign in without an email warning to the account holder or some type of message is completely irresponsible.  I understand why it was done, but we have to pay for your poor security.

 

Didn't it occur to you that by disconnecting remote devices from the network you most certainly would be stranding some notes on the remote device?

 

This is a fine way to end my assessment of Evernote for use in our enterprise.  It made my decision very easy.  I will not recommend its use and I most certainly will be informing colleagues throughout my sphere of influence to find another solution as this vendor does not care about its users, only themselves.

 

It would have been  very easy to set things up to preserve remote device files in the event of an issue like this.  Please!   

 

Very dissappointing!!

 

If you read the links in the posts above,  it appears that "killing passwords" didn't necessarily "wipe unsynced notes" in the first place - we're all just getting to grips with exactly how to recover from these situations, and jumping to the conclusion that "this vendor does not care about its users only themselves" is not only illogical,  but completely unsupported by any posts or comments so far.

 

Evernote were in the position of having defeated a very professional hack attack but were aware that their very large user base could be at risk in a matter of hours or days if the encrypted password database was breached.  They enforced a password change on all users to protect our data,  but the size of the user base and the very nature of email sending means that everyone could not be warned of this reset in advance.  I'd bet that some emails still haven't arrived.

 

Evernote is a cloud storage service, which uses clients on devices without local hard drives that depend on a network connection to the server to save data. Any user saving 'local' notebooks on such a device deserves a medal - you simply can't do that.  Every other note is a temporary file waiting transmission to the server.  Any user of such a client should be aware that syncing with the server is as essential as hitting 'save' in a desktop menu,  and exiting the app before doing that will cause data loss.

 

If anyone lost hundreds of notes,  then - all due respect - that's at least as much a user issue as it is the app provider.  If I can't sync I always want to know why as q

 

 

Edit: Heh.  Very much a case in point - I just went on typing happily,  having apparently fat-fingered a key combination that saved the post!  Lost a few paragraphs that I won't repeat;  summary -

 

I think Evernote did their best to protect our interests,  and I know they're moving heaven and earth to fix any resulting problems.  They're not the bad guys here.  Let's let them get things sorted out and stop sofa coaching them how they should have done their job!

Gazumped - I guess it's easier for you to sofa coach me on why I should not be upset that before I could sync notes from out of office meetings and spend time figuring out why they weren't syncing right.  But then again I'm not the one providing a service and not informing my users when making a decision with the lasting ompact of theirs. 

 

You continue to expound on how noble they were in their handling of an embarrassing incident -- if they had really thought about it they could have suspended the syncing and allowed users the opportunity to white list unsynced (not unsaved) notes so that they were not written over when the sync was performed.  A simple replace existing documents from the server leaving unsynced notes alone would have worked just fine.  They were irresponsible, and did not think through their knee jerk reaction to their lack of good security.  IF they are to survice in the cloud they need to show a much better ability to defend themselves against "very professional hack attacks".  It is their job.

[BurgersNFries 2,407]

Gazumped - I guess it's easier for you to sofa coach me on why I should not be upset that before I could sync notes from out of office meetings and spend time figuring out why they weren't syncing right.  But then again I'm not the one providing a service and not informing my users when making a decision with the lasting ompact of theirs. 

 

You continue to expound on how noble they were in their handling of an embarrassing incident -- if they had really thought about it they could have suspended the syncing and allowed users the opportunity to white list unsynced (not unsaved) notes so that they were not written over when the sync was performed.  A simple replace existing documents from the server leaving unsynced notes alone would have worked just fine.  They were irresponsible, and did not think through their knee jerk reaction to their lack of good security.  IF they are to survice in the cloud they need to show a much better ability to defend themselves against "very professional hack attacks".  It is their job.

 

 

Yeah, well different strokes for different folks & all that jazz.  Take away from this what you will.  I'm pretty sure no one has said EN behaved faultlessly here.  OTOH, I suspect many of us have been in similar situations (since it seems a majority of us are in IT) . ***** happens & you do the best you can but maybe not the best you could have, had you forseen the exact  situation.  Anyway, good luck in finding an app that suits your needs.

[gazumped 11,656]

Won't prolong the argument,  but I agree with BnF - I've been in disaster-plan meetings where big corporates do their best to predict worst case scenarios and identify weak spots,  then run exercises to see how "well" it all works in real-time situations.  And I know how badly they usually go wrong - often in quite unexpected ways.  When the waste channel intersects with the air conditioning in real life,  any landing you can walk away from is a good one.  No point in indulging in "I can / they should have done so much better" - it happened.  Get over it.  Evernote users will I'm sure have a much better experience if this happens again.  But I'll still keep my personal backups going,  because the only person who's going to look after my data like their life depended on it is me.

[Laura A 10]

I feel so very SORRY for people that have lost their notes in this event : (

This is why I never, ever, EVER write important notes when I cannot sync them (not even on Evernote). I know that we can write notes offline and have them sync later, but I don't trust my own hardware crashing before then or, in this case, a hack occurring before my precious notes can be synced. If I am in a place where I have sketchy reception or cannot get WIFI, I opt to write my notes down the old fashioned way until I have reliable reception and can put them in the cloud without interference. That way, in the event that something strange or bizarre happens, like a mandatory password reset or my phone going up in flames because I dropped it in the sink of dishwater (which has almost happened) I don't lose any important information.

As much as I like Evernote, I consider one note un-synced to be one note dangerously close to being lost. But I feel that way about every online service that requires synchronization. I've never felt comfortable with un-synced or offline notes because of potential hardware malfunctions, but now I have even more reasons to steer clear of them (hacking). I just don't trust that something bad won't happen before they reach the cloud. Paranoid, I know : /

[Affiliatenote_test 0]

Heather I am using Android EN 4.5.4 - I have unsync'd notes on my device, and have not yet updated my password for this reason. Is it possible to export the offline notes/notebooks and then reimport them once the account is reauthorized? Reauthorizing now will close the current session on my mobile device and the notes will be lost.

I think that this may help: http://discussion.evernote.com/topic/29382-%E2%9C%94-changing-password-in-android/?p=192464

 

Thanks Jefito - I did find this particular thread and made the attempt mentioned. However, with EN 4.5.4 and Android 4.1.1 at least, a failed sync on the app does not produce a notification in the Android notifications drop down. =\ I very much appreciate the link though! Thank you!

[Prismwolf 3]

I have to say that I was one of those silly users who had a couple of unsynced notes left on my iPad when the reset happened. I had already reset my password through the website so when it prompted me to reset on my iPad, there wasn't any warning and I didn't remember about the unsynced notes. I didn't have much that was unsynced but I did have a chapter I very much didn't want to rewrite that vanished into thin air and I was pretty devastated.

 

I'm truly sorry that this happened.

 

Additionally, there's a separate case where users may have been logged into their iDevice with their *email address*, then updated their password on our website, and then logged back in with their *username*. While it is ostensibly the exact same account, Evernote would treat it as a different account locally.

 

If you try logging out and logging back in, but with your *email address* (or vice versa), you may find your notes again.

 

BUT THIS WORKED. I logged in with my full email for the first time today and my unsynced notes magically reappeared! Thanks so much for this suggestion- you've saved a lot of writer angst and writers' block!