Evernote Security



  • We support the Security Assertion Markup Language (SAML) for single sign-on (SSO) for your Evernote Business users. We act as the service provider and talk to your identity provider. We recommend using this feature to allow your employees to use their primary login password for the Evernote service.

If you have a billing issue, cannot log in to your Evernote account, or have any questions about your account's security, please contact our support team.

If you believe you’ve found a security vulnerability in an Evernote application, the Evernote platform, or our infrastructure that could harm Evernote or anyone who uses Evernote, please submit your findings through Evernote's HackerOne Program.

In this case, there is no need for security improvements by Evernote, but by yourself: you can't blame Evernote that you used a single password for several accounts. You assumed that (according to your accusation: I used 1 pwd for several accounts) - I didn't so it means, not my fault. From the Evernote website: 'Encrypted Text Within a Note: If you are using an Evernote desktop client, such as Windows Desktop and Evernote for Mac, you can encrypt any text inside a note to add an extra level of protection to private information. Evernote uses AES (Advanced Encryption Standard) with a 128-bit key to encrypt text you select.'

Evernote Security Hall of Fame

The individuals and teams listed below were the first to tell us about vulnerabilities that could harm Evernote or anyone who uses Evernote. Each of them has helped us make Evernote safer. If you disclosed a vulnerability to us before we created the Hall of Fame and would like to be listed, please let us know.

As of November 2019, this hall of fame page is no longer updated; instead, security researchers may receive credit for their findings through our HackerOne program.

2019

  • Arvind K. facebook.com/1808arvind
  • Sergey Toshin (@bagipro) https://hackerone.com/bagipro
  • Nikolay Anisenya
  • AJ Dumanhug of Secuna Infosec Team — https://secuna.io
  • Alesandro Ortiz — https://AlesandroOrtiz.com
  • shell_c0de — https://hackerone.com/shell_c0de
  • Marcos 'Karz' Santos
  • Grzegorz Niedziela — @gregxsunday
  • Zach Zenner — @Anxious_Rabbit_
  • Carlo Aprigliano — @carloaprigliano
  • huangfeihong
  • Guardio Research Team — https://guard.io
  • Gary Hunter (@pr3cur50r) — salt4n6.com
  • Renato Chencinski — https://www.linkedin.com/in/renatochen/
  • Julien Thomas — Protektoid Project
  • Dhiraj Mishra — @mishradhiraj_
  • hearmen — http://mohamoha.club
  • Jim Challis — @disgraceUK
  • Taha Ismail — @rjtahaofficial

2018

  • Ali Razzaq — @alirazzaq_
  • Sameer Phad — @sameerphad72
  • Muhammad Khizer Javed — https://twitter.com/KHIZER_JAVED47
  • Haitao Zhang
  • Vineet Kumar — https://hunter2.com/
  • Steven Seeley (mr_me) of Source Incite
  • Gayatri Rachakonda
  • pavanw3b — https://pavanw3b.com
  • Tongqing Zhu (Knownsec 404 Team) — https://www.knownsec.com/
  • ning1022 — https://github.com/ning1022
  • Sebao — http://www.daimacn.com
  • Jens Müller — @jensvoid
  • Lakshay Gupta — https://www.linkedin.com/in/lakshay-gupta-44102a143
  • Viswanathan Govindarajan (கோ.விஸ்வநாதன்) — https://www.linkedin.com/in/adamviswa/
  • Tony D'Amato
  • Syed Abuthahir — https://www.linkedin.com/in/developerabu
  • Anne
  • Wai Yan Aung — @waiyanaun9
  • Jatin Dhankhar — https://jatindhankhar.in/
  • Adam Chester (@_xpn_) — https://blog.xpnsec.com/

2017

  • CongRong (@Tr3jer) — http://www.Thinkings.org/
  • Marcel Brixel — https://au.linkedin.com/in/brixelmarcel
  • SHWETABH SUMAN (@SHWETABHSUMAN11) — https://www.facebook.com/profile.php?id=100011024580051
  • Juba Baghdad — https://twitter.com/JubaBaghdad
  • Shivam Poddar — https://twitter.com/TheShivamPoddar
  • Vishal Shukla — https://twitter.com/shukla304
  • Ali Burak AYDIN — https://www.linkedin.com/in/aliburakaydin
  • Vijay Mahajan — https://www.facebook.com/vijay12041997
  • Dmitry Ivanov — https://twitter.com/d1m0ck
  • ak1t4 — https://twitter.com/knowledge_2014
  • Raynold Sim
  • Greg Royce
  • Jaikishan Tulswani — https://twitter.com/_iamjk
  • Amit Sangra — Linkedin.com/in/Hitman
  • Atik Rahman — https://facebook.com/kind.atik
  • Jay Jani — https://www.facebook.com/janijay007
  • Julien Joubert-Gaillard — jmclej@gmail.com
  • Ahmed Raza Memon — facebook.com/cmagicianx
  • Julian Maynard — https://www.linkedin.com/in/maynardjulian
  • Alex Kolchanov — kolchanov.info
  • Markus Roedel — http://www.comaro.net
  • Gregor Hehenberger — http://www.hehenberger.biz
  • Zhiyang Zeng — https://lightrains.org

2016

  • shivankarmadaan — https://twitter.com/shivankarmadaan
  • nope_
  • Cadmus — http://cadmus.ru
  • Yaroslav Olejnik - O.J.A. — https://twitter.com/oja_c7s
  • ooooooo_q — https://twitter.com/ooooooo_q
  • Vijju VijayKumar — https://twitter.com/bloggingvijay
  • Ian Hickey — http://www.ten24web.com
  • Omar Kurt — @omarkurt
  • Ty Smith — @tsmith
  • Himanshu Mehta — https://in.linkedin.com/in/himanshumehta21
  • M4ster — zhoul2@knownsec.com/
  • Tianqi Zhang — https://www.vulbox.com/
  • baimaohui — http://weibo.com/u/5734490991
  • Adam Chester — @_xpn_
  • Al Stewart
  • Yuyang Zhou — http://weibo.com/u/1312149403
  • Akshay Jain — https://www.facebook.com/akshayjain011
  • Renato Chencinski — http://inspira.work/
  • Ahmed Adel Abdelfattah — https://www.facebook.com/00SystemError00

2015

  • Eusebiu Blindu — http://www.testalways.com
  • Arseniy Kostromin — https://twitter.com/0x3C3E
  • Mohamed Khaled Fathy — https://www.facebook.com/Squnity
  • Jamieson O'Reilly — https://au.linkedin.com/pub/jamieson-o-reilly/70/b64/13a
  • Othmane Tamagart — @0thm4n_WhiteHat
  • Edison He — 0xedison@gmail.com
  • Saurabh Swaroop — saurabhcs0097@gmail.com
  • Muhammad Osama — https://www.facebook.com/profile.php?id=100001183774319
  • Shivam Kumar Agarwal — https://www.facebook.com/shivamkumar.agarwal.9
  • Adam Chester — @_xpn_
  • Sree Visakh Jain — http://www.wayanadweb.com
  • Luyi Xing — http://homes.soic.indiana.edu/luyixing
  • Tongxin Li — litongxin1991@gmail.com
  • Xiaolong Bai — bxl1989@gmail.com and bxl12@mails.tsinghua.edu.cn
  • Xiaojing Liao — http://users.ece.gatech.edu/~xliao9/
  • XiaoFeng Wang — http://www.informatics.indiana.edu/xw7/
  • Swaroop Yermalkar — @swaroopsy
  • Markus Roedel — http://www.comaro.net
  • Shawar Khan — https://www.facebook.com/shawarkhanskofficial
  • Sergio M Furtado Valeriano — https://www.facebook.com/sergio.valeriano
  • Kalpesh Makwana — @makwanakalpesh2
  • Ala Arfaoui — https://www.facebook.com/alaa.arfaoui
  • Dmitry Kusliy — @dkusliy
  • Zhe-An Lin — http://about.me/zal
  • Frans Rosén — https://detectify.com
  • Raja Kishore Kavi — www.facebook.com/rajakishorekavi

2014

  • In-Gyu, Tae — graylynx@gmail.com
  • Dmitry Kusliy — @dkusliy
  • Francis Rohner — http://francisrohner.com/
  • Fizer Khan — http://www.fizerkhan.com/
  • Sachin Hallad
  • Weichao Sun — http://blog.trendmicro.com/trendlabs-security-intelligence/author/weichao-sun/
  • Daoyuan Wu and Rocky Chang
  • Mark Arena — http://intel471.com/
  • Tianqi Zhang — http://www.freebuf.com/
  • Rakesh Karankote — @rakeshnagekar
  • Erik Romijn — @erikpub
  • Takashi Uchibe — http://uchibe.net/
  • Krishna Chaitanya Kadaba — http://www.cigniti.com/security-testing
  • Yu-Cheng Lin — http://www.AndroBugs.com
  • Mariem El Gharbi — @mstramgram
  • zhaohuan — http://security.tencent.com
  • Rakan Alotaibi — @hxteam
  • Nakul Mohan — https://www.facebook.com/nakul.cia
  • Anonymous India — @Anonymous_India
  • Yutong Pei — http://yutong.me/
  • Eric Chen — http://ericchen.me/
  • Yuan Tian — Yuan Tian
  • Robert Kotcher — http://www.robertkotcher.com/
  • Sebastian Guerrero — @0xroot
  • Richard Hicks — @scriptmonkey_
  • Kalki — @kalkihere
  • Masato Kinugawa — @kinugawamasato
  • ma.la — http://ma.la
  • Fabien Duchène — @fabien_duchene
  • Riccardo Arvizzigno — @riccardoar

2013

  • ooooooo_q — @ooooooo_q
  • Th. Michael Eißele
  • William C. Beegle
  • Adam Caudill — http://adamcaudill.com
  • piyokango — @piyokango
  • John Bicket — http://www.linkedin.com/in/jbicket
  • Rakan Alotaibi — @hxteam
  • Rafael Pablos — http://silverneox.blogspot.com
  • Zakaria Rachid — http://www.4sec.fr
  • Vladimir Kochetkov — @kochetkov_v
  • Noriaki Iwasaki — @iwasakinoriaki
  • Masato Kinugawa — @kinugawamasato
  • Pralhad Chaskar — @c0d3xpl0it
  • Denis Kolegov — @dnkolegov
  • Nitesh Shilpkar — @NiteshShilpkar
  • Shubham Raj — http://www.openfire-security.net
  • Osman Doğan — @osmand0gan
  • Kamil Sevi — @kamilsevi
  • Ciaran McNally — http://makthepla.net
  • Olivier Beg — http://olivierbeg.nl
  • Shahee Mirza — @shaheemirza
  • Tejash Patel — @tejash1991
  • Maxim Rupp
  • Chris John Riley — http://blog.c22.cc
  • Ahmad Ashraff — @yappare
  • ma.la — http://ma.la
  • Hiroshi Tokumaru — @ockeghem
  • Ryan Dewhurst — http://www.randomstorm.com
  • Avram Marius Gabriel — http://www.randomstorm.com

2012

  • Yuji Kosuga — @yujikosuga
  • ma.la — http://ma.la

2011

  • ma.la — http://ma.la
  • Hiroshi Tokumaru — @ockeghem