Evernote security breach prompts service-wide password reset

Some startling news has come to the forefront for those of you who frequently use premier note-taking service Evernote. The company issued an email blast to all its users detailing an unfortunate security breach that puts all its users at risk.

Evernote warns us that the culprit’s actions allowed them access to the usernames, email addresses and encrypted passwords, meaning you’re pretty much a sitting duck until you take appropriate measures. According to them, there’s no reason to believe the attackers had direct access to users’ notes and the personal and credit card information of those who pay for Evernote’s premium features.

For starters, Evernote will prompt everyone to change their passwords upon logging into the service’s website. That’s always the most basic course of action whenever something like this occurs so you’ll want to take care of it as soon as possible. We’re reminded that you shouldn’t use the same passwords twice or use passwords that are too similar to your old ones. To build on that, you might want to make sure your password has a nice mix of numbers, letters and — if possible — special characters.

Those on mobile apps will be seeing updates soon that will implement a more solid password reset option. Beyond that, Evernote gave the usual spiel about how it’s investigating the incident and is always working to improve the security of its service. These things happen from time-to-time, folks, and all you can do when it does is make sure you tie things up on your own end. Get to it at Evernote.com.

[via iSource]

Continue reading:

TAGS:



  • technohead95

    While getting hacked is not great PR news, Kudos to Evernote for bringing it to user’s attention so quickly and forcing users to change their password. I use LastPass so changing passwords is a piece of cake. Not only that, it’s an uber complicated one using lower case, upper case, numbers and symbols with a length of 15 characters.

    • camelsnot

      so basically you did what everyone should be doing, minus using a hackable site like LastPass to hold your passwords for you. Fail.

      • technohead95

        You fail because you do not know how LastPass works!! User passwords in LastPass are stored encrypted. They get encrypted/decrypted on people’s local machine. Stealing encrypted passwords is less useful than stealing random computer generated data.

  • Dan

    Oh no… the hacker might know I’m out of milk D-:

  • matt

    Evernote’s passwords were hashed and salted…