Old Mar 3, 2013, 08:33 AM   #26
DavidTheExpert
macrumors member
 
Join Date: Apr 2012
I noticed a "your Evernote password has changed" message a few hours before I got that security email, and I couldn't log in. I freaked out thinking someone had hax0red my evernote account, so I quickly manually reset my password. I was relieved to log back in and find that none of my notes had been deleted, nor were there any extra notes saying "lolz hacked ur account betch!" Then I was even more relieved when I got the letter from Evernote explaining what had happened.
__________________
Get viewed with Fireviews.com
DavidTheExpert is offline   0 Reply With Quote
Old Mar 3, 2013, 08:49 AM   #27
knucklehead
macrumors 6502a
 
Join Date: Oct 2003
Quote:
Originally Posted by Mitochris View Post
I don't use Evernote for anything sensitive, but I am more worried what it implies. If Evernote is hacked, will syncing solutions, such as iCloud or Dropbox be targeted? For instance, 1Password or wallet use iCloud or Dropbox to sync between devices and for backup. Should someone get my sync file, they have all the time in the world to try to get past the encryption/masterpassword and access to all my passwords.
In my opinion, companies and especially governments need to be much more proactive in protecting the public from internet crime. Of course, if it's the government's doing, we have a problem.
You need to encrypt anything you are even remotely concerned about. 1Password's files are already encrypted in Dropbox, so that's OK. I use BoxCryptor for my own sensitive files on Dropbox, but I'll be moving to using it on pretty much everything.

This incident looks like my .mac email address has just become further polluted, and I can look forward to even more spam and phishing emails.
I wish Apple would let me change that from my Apple ID.
knucklehead is offline   0 Reply With Quote
Old Mar 3, 2013, 12:04 PM   #28
pundit
macrumors regular
 
Join Date: Mar 2007
I use dynamic DNS and OpenVPN with a shared key to access data externally... Then just use a full copy of OneNote on a tablet; it does live shared updating of the notebooks. For me, I don't worry about "Evernote got hacked!"

Of course, it's not a solution for the average user; simply too much complexity, but there is no substitution for providing your own security and hosting your own data if you can do it.
pundit is offline   0 Reply With Quote
Old Mar 3, 2013, 12:18 PM   #29
lwapps
macrumors regular
 
Join Date: Sep 2012
Quote:
Originally Posted by Jessica Lares View Post
I have been an Evernote user since it was in beta. Sad to see this happen to them.
It must be the same people behind the Twitter and Apple attacks too. It seems very likely that they are related.
lwapps is offline   0 Reply With Quote
Old Mar 3, 2013, 02:15 PM   #30
turtle777
macrumors 6502
 
Join Date: Apr 2004
Quote:
Originally Posted by Mitochris View Post
For instance, 1Password or wallet use iCloud or Dropbox to sync between devices and for backup. Should someone get my sync file, they have all the time in the world to try to get past the encryption/masterpassword and access to all my passwords.
In case of 1PW, they would need all the time in the world.

As long as you use a long and safe Master Password, encrypted data in the cloud is not an issue.

They will go for a dictionary attack before they try to decrypt your contents.

-t
turtle777 is online now   1 Reply With Quote
Old Mar 3, 2013, 04:04 PM   #31
pmau
macrumors 6502
 
Join Date: Nov 2010
Quote:
Originally Posted by turtle777 View Post
Because emails can be easily intercepted, and not everyone is keen on having his name associated with his email address.

-t
Thanks for this remark. You are absolutely spot on.

I hate it when companies mail invoices to you stating billing address and your payment method etc.

My phone company for example writes a completely anonymous message that I can now download my monthly phone bill including call records.

It contains no name, customer id or anything.
This is a really important part of privacy.
pmau is offline   0 Reply With Quote
Old Mar 3, 2013, 05:14 PM   #32
japanime
macrumors 65816
 
Join Date: Feb 2006
Location: Japan
I use Evernote but didn't seem to receive the email warning of the password breach. It certainly wasn't in my inbox.

So, I just searched my Mail.app and discovered that Apple's junk-mail filter had put the Evernote email directly into the trash.
__________________
Put Manga University in your pocket — get our free iPhone app!
japanime is offline   1 Reply With Quote
Old Mar 3, 2013, 07:22 PM   #33
canyonblue737
macrumors 6502a
 
Join Date: Jan 2005
I never got an email either but I think I know why... evernote sent the email from a NON-evernote domain that was only registered a few months ago and whose ID looks like it doesn't belong to evernote. It looks EXACTLY like a classic phishing scheme... except evernote has admitted it really was from them. Many email services grab these messages because they look so obviously fake. They are now saying on the forums it was due to this happening in the midst of a big email server switch for them and this was the only way they could send out 50 million emails on short notice. To me it says that this is a big company still playing amateur hour when it comes to user security.

1. no 2 factor authentication.
2. SSL only when sending data to their servers.
3. no encryption of ANY KIND of ANY of your notes or notebooks on their servers. if someone gets your primary password, everything is exposed.
4. poor handling of the large data leak... email response, style and timing was all beyond poor. all passwords reset prior to ANY email, twitter, homepage or any other notification sent from evernote. the error alert saturday morning on evernote.com and in apps simply said you were entering the wrong password leading thousands to think they had been hacked with nothing at all explaining what had really happened.

this is a company that proudly has articles on their website saying "how to use evernote at tax time" but does nothing at all to protect the critical nature of user information on their servers. no one does this as poorly in the crowd they want to play in: apple, twitter, google, dropbox etc. it is downright irresponsible for them to imply that critical user data is safe and they haven't even hinted they want to improve it ('cept for 2 factor which they have been implying for a year and never arrived even with the big 5.0 update.)

i hope evernote stops what they are doing, realizes they are becoming a MAJOR player in the cloud space and with 60 million accounts they have to do FAR better. evernote has been iterating like mad on their service which has brought them great success but they need to pour their resources into security they desperately need starting with 2 factor authentication and the ability to encrypt notebooks. only then will evernote be a modern, secure cloud service to store your life's most valuable information.
canyonblue737 is offline   1 Reply With Quote
Old Mar 3, 2013, 09:20 PM   #34
japanime
macrumors 65816
 
Join Date: Feb 2006
Location: Japan
Quote:
Originally Posted by canyonblue737 View Post
I never got an email either but I think I know why... evernote sent the email from a NON-evernote domain that was only registered a few months ago and whose ID looks like it doesn't belong to evernote. It looks EXACTLY like a classic phishing scheme... except evernote has admitted it really was from them. ...
Fantastic info. Thanks! I couldn't figure out why the message would have been filtered as "junk."
__________________
Put Manga University in your pocket — get our free iPhone app!
japanime is offline   0 Reply With Quote
Old Mar 4, 2013, 09:10 AM   #35
daveham
macrumors newbie
 
Join Date: Oct 2012
This is why I use Dashlane:

1. I never reuse passwords, so it was minimal damage to my security.
2. I got an alert that let me know of the breach even before Evernote did.
3. I changed my passwords on my iPhone while at dinner. Dunzo.

Impact of breach? Minimal. Cost of Dashlane? Free.

__________________
daveham is offline   0 Reply With Quote
Old Mar 4, 2013, 07:13 PM   #36
Will do good
macrumors 6502
 
Join Date: Mar 2010
Location: Earth
Quote:
Originally Posted by James Craner View Post
It is so vital these days to use a password manager, unless you are blessed with a photographic memory and can remember different safe and secure passwords for all your website logins.

No matter how secure you think your own computer is, if one of a growing number of websites gets hacked and your username, which is often your email address and password is taken, you are vulnerable. If you are daft enough to use the same password on other websites, then not only are you vulnerable on that website, but every website that you use the same password.

I use 1Password.
I used 1 password for my not important site that contain no personal data, credit card or financial information.

But I don't feel safe leaving all my important to any one company such as 1 Password. If hackers (China included) can hack into Apple, Facebook, government agencies etc. why can't they hack into 1 Password? Especially WE all know they keep everyone's account and passwords. That's who I will target if I really want a big payout.
Will do good is offline   0 Reply With Quote
Old Mar 6, 2013, 12:27 PM   #37
James Craner
macrumors 68000
 
Join Date: Sep 2002
Location: Bristol, UK
Quote:
Originally Posted by Will do good View Post
I used 1 password for my not important site that contain no personal data, credit card or financial information.

But I don't feel safe leaving all my important to any one company such as 1 Password. If hackers (China included) can hack into Apple, Facebook, government agencies etc. why can't they hack into 1 Password? Especially WE all know they keep everyone's account and passwords. That's who I will target if I really want a big payout.
Would not do them any good for two reasons:

1. AgileBits (the developer) does not keep details of your 1Password password.

2. Any hacker would need two things to access your password. Physical access to the Password database, which is only stored where you choose to keep it and your 1Password password. Your 1Password database is not stored by AgileBits.
__________________
Productivity Orchard Be more productive with your Mac
James Craner is offline   0 Reply With Quote
Old Mar 17, 2013, 09:08 PM   #38
alisagenovese
macrumors newbie
 
Join Date: Mar 2013
Lost access to my account since password reset

Anyone had the experience of losing access to their account? I have been in contact with Evernote. Seems my account was linked to an old email and they cannot verify my account so they will not allow me access. They sent me a way to try to access my notebooks on my computer. This is what they told me to do:

We’re sorry you’re unable to access your copy of Evernote Desktop due to an incorrect password, but we’re happy to assist you with getting your notes back into Evernote.

Here’s how to accomplish that:

On Mac:

Your database is in a hidden directory. You can access it by opening the Finder, then selecting "Go" from the top menu and hitting the "Option" key. Once you have done that, you'll see the "Library" folder pop up.

Select it.

~/Library/Containers/com.evernote.Evernote/Data/Library/Application Support/Evernote/accounts/Evernote/<your username>/content

or

~/Library/Application Support/Evernote/accounts/Evernote/<your username>/content

Create a brand new Evernote account with your new, desired username. Note, you will need to use a different email address than the one currently on file with your account. Login to Evernote Desktop for Mac with this username, then drag the “Content” directory onto your desktop. Contact Support for further instruction.

Once you have performed these steps, please reply with your new account username and we will be happy to issue you additional storage space to help you with importing your data to the new account.

I tried and do not see the library files they mention. Does anyone have any other suggestions on how I may recover my notebooks? I feel scared I may have lost them forever.

Thank you
alisagenovese is offline   0 Reply With Quote
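
The lookup described in the quoted support instructions, done from Terminal so it does not depend on Finder showing the hidden Library folder. This is an added example, not part of the post or of Evernote's instructions; the two account paths are the ones quoted above, while the function names, the optional home-directory argument and the choice to copy rather than drag the directory are assumptions made here.

```shell
#!/bin/sh
# Added example. The two account roots come from the quoted support email,
# written relative to a home directory; everything else is illustrative.
EVERNOTE_ROOTS='Library/Containers/com.evernote.Evernote/Data/Library/Application Support/Evernote/accounts/Evernote
Library/Application Support/Evernote/accounts/Evernote'

# find_evernote_content USERNAME [HOME_DIR]
# Prints the first existing <root>/<username>/content path; non-zero if none.
find_evernote_content() {
    user=$1
    home=${2:-$HOME}
    case $user in
        ''|*/*|.|..) echo "invalid username" >&2; return 2 ;;
    esac
    printf '%s\n' "$EVERNOTE_ROOTS" | while IFS= read -r root; do
        candidate="$home/$root/$user/content"
        if [ -d "$candidate" ]; then
            printf '%s\n' "$candidate"
            break
        fi
    done | grep .   # grep fails when nothing was printed, i.e. nothing found
}

# list_evernote_accounts [HOME_DIR]
# Prints every account directory name under either root, for the case where
# the old username is uncertain.
list_evernote_accounts() {
    home=${1:-$HOME}
    printf '%s\n' "$EVERNOTE_ROOTS" | while IFS= read -r root; do
        for dir in "$home/$root"/*/; do
            if [ -d "$dir" ]; then basename "$dir"; fi
        done
    done | sort -u
}

# copy_evernote_content USERNAME DEST [HOME_DIR]
# Copies (never moves) the content directory, so the original stays in place.
copy_evernote_content() {
    src=$(find_evernote_content "$1" "${3:-$HOME}") || return 1
    mkdir -p "$2" && cp -Rp "$src" "$2/"
}

# Typical use (hypothetical username and destination):
#   list_evernote_accounts
#   copy_evernote_content "old-username" "$HOME/Desktop/evernote-recovery"
```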
