Who cares about Evernote?
I'm convinced that the REAL threat of this kind of breach is that many people use the same passwords on many systems. The scammers and spammers have lots of stolen and correlated personal information, and they can mix and match to play games. Not sure it is helpful to note, but my primary countermeasure against this sort of thing is that my passwords are organized in layers. You might penetrate a 'soft layer' where I reuse the same password, but if you try to use it to hack into a deeper layer, the most likely outcome is to tip me off... (Yes, of course there are more wrinkles and wrinkles within the wrinkles, but I think I'm being pursued by the paranoids.)
The root of the problem is the money, as usual. As long as the scammers continue to profit, they will continue to try to new scams and make the Internet less valuable for ALL of us. I actually think that most of their proximate cash is coming from identity theft these days, but the primary vector mechanism for getting the suckers is still email spam, which is why I think there should be more focus on the vector. I really wish there was ONE email system that had some POWERFUL anti-spammer tools built into it. I'm talking about tools that would convince the spammers that this email system was not worth the risk. Any spam sent to that system would allow US to go after ALL of the spammers' accomplices, work to shut down ALL of the spammers' infrastructure, and to cut the spammers' away from ALL of their victims.