I didn’t get the email about their hack. Wasn’t concerned because I don’t use their service right now but I thought I’d reset my password.
I logged in with my username and existing password.
It showed me my previous – and now dead and unrecoverable – gmail address.
It told me to create a new password.
I changed my account email to a completely different provider
I entered a new password
and now I’m logged in.
Which is all pretty crap because why didn’t they confirm it’s actually me? I didn’t get an email at the new address saying “Hey, you just changed..” or any sort of verification sent anywhere. So Evernote is still insecure then surely?