Jump to content
Kurt.Angle

(Archived) Hackers still around?

Recommended Posts

I have received 4 emails to reset my password so far, and I've already done so during the initial announcement.

 

Problem #1:  If this email is legit, why do you need to keep sending the email?  Once is enough, and I can probably say it is not necessary at all -- just force the user to change their passwords when they login with the old one.

 

Problem #2:  In the email, there is a link which includes my email address.  It looks legit, but didn't Evernote said don't click password-reset links?  

 

Anyway, attached is the screenshot.

 

post-94238-0-54673200-1363457537_thumb.p

 

Is this legit?

Share this post


Link to post

Hi Kurt,

 

I wonder if you have more than one account/password/email address?

 

Best regards

 

Chris

  • Like 1

Share this post


Link to post

I have received 4 emails to reset my password so far, and I've already done so during the initial announcement.

 

Problem #1:  If this email is legit, why do you need to keep sending the email?  Once is enough, and I can probably say it is not necessary at all -- just force the user to change their passwords when they login with the old one.

 

Problem #2:  In the email, there is a link which includes my email address.  It looks legit, but didn't Evernote said don't click password-reset links?  

 

Anyway, attached is the screenshot.

 

attachicon.gifEmail Evernote.png

 

Is this legit?

 

 

Definitely a case of "damned if you do & damned if you don't" b/c I'm sure if they only sent one email, at least one user would be peeved & wonder why they didn't send out followup reminders.  Bottom line, if you changed your password, you're good.  Additionally, as Chris said, are they all for the same account?  (I have a few EN accounts & don't recall if the dups were followups or for different accounts.)

 

WRT #2:  http://discussion.evernote.com/topic/35615-phishing-attach-underway-for-evernote-accounts/

Share this post


Link to post

I can confirm, I have two accounts with two different email addresses and received two and only two reset emails. None since the weekend the hack was announced.

Share this post


Link to post

Yes that's ours. The link is included to make it easier to reset passwords. We generate a link so that each person receives a custom reset link for their accounts. If you've already reset yours feel free to ignore this.

There are a few scenarios where duplicates are showing up--we're doing what we can to limit these, but an occasional duplicate--thems the breaks of emailing 50 million people.

Share this post


Link to post

I got a second one the other day, which puzzled me for a bit. Then I remembered my second account that I use for testing. Doh!

Share this post


Link to post
Guest
This topic is now closed to further replies.

×
×
  • Create New...