Evernote security

I didn’t get the email about their hack. Wasn’t concerned because I don’t use their service right now but I thought I’d reset my password.

I logged in with my username and existing password.
It showed me my previous – and now dead and unrecoverable – gmail address.
It told me to create a new password.

I changed my account email to a completely different provider
I entered a new password
and now I’m logged in.

Which is all pretty crap because why didn’t they confirm it’s actually me? I didn’t get an email at the new address saying “Hey, you just changed..” or any sort of verification sent anywhere. So Evernote is still insecure then surely?

Posted in WWW

Leave a Reply

Your email address will not be published. Required fields are marked *