Emails And Passwords Stolen As Evernote Gets Hacked

Evernote, the cloud notetaking service has been hacked. The company disclosed today that an as yet unidentified hacker has compromised their servers and has made off with usernames, email addresses and passwords, though the latter are encrypted.

Evernote

If you use Evernote then go and change your password now!

Evernote have responded quickly by instigating a mandatory password reset for all their customers – if you have an account you’ll be required to pick a new password next time you attempt to login. This would seem to be just a precautionary measure though as,

“In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost. We also have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed.”
Evernote blog

Evernote also said that the passwords, which are hashed and salted (read more on hashing and salting passwords), were first targeted back on February 28th –

“On February 28th, the Evernote Operations & Security team became aware of unusual and potentially malicious activity on the Evernote service that warranted a deeper look.”
Techcrunch

If you are having trouble accessing Evernote’s web site then they are also keeping users up to date with the latest info via their Twitter account –

Though nothing is certain I wonder if this has anything to do with the problems at Zendesk recently?

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Trackbacks

  1. […] security should be — but it almost never is. And there is no exception with note-taking site Evernote following the security breach the site experienced over the […]

Speak Your Mind

*