Hacker Infiltrates Evernote, Company Urges Password Reset
March 3, 2013

Hackers Hit Evernote, Gain Access To User Information And Passwords

redOrbit Staff & Wire Reports - Your Universe Online

Cloud-based note taking and archival service Evernote announced on Saturday that they had initiated a site-wide password reset after detecting suspicious activity on their network.

According to Chris Davies of Slashgear, the incident is believed to be the work of a hacker. The individual compromised the company´s servers, accessing usernames and email addresses in addition to encrypted passwords during the attack.

“In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost. We also have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed,” Evernote officials said in a statement, confirming that some user information had been accessed by the person or people responsible.

“Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (In technical terms, they are hashed and salted.),” they added. “While our password encryption measures are robust, we are taking additional steps to ensure that your personal data remains secure. This means that, in an abundance of caution, we are requiring all users to reset their Evernote account passwords.”

To do so, Evernote users are being asked to log into their accounts directly through the company´s website, www.evernote.com, and enter their new password, the company said. Those users will then have to enter the new password in any other Evernote apps that they use, though the company was promising to release software updates on Saturday in order to help make the entire process easier.

As VentureBeat´s Jolie O'Dell also points out, Evernote users should probably change their passwords for any websites or services that shared the same login information as their compromised account.

“Using duplicative login credentials across multiple sites is a big personal Internet security no-no, but we know enough of you do it,” she said. “To thwart hackers and prevent online or financial identity theft, all us Internet folk should generally not be idiots about passwords, the first line of defense in online security.”

“As recent events with other large services have demonstrated, this type of activity is becoming more common. We take our responsibility to keep your data safe very seriously, and we're constantly enhancing the security of our service infrastructure to protect Evernote and your content,” the Redwood City, California-based firm said. “We apologize for the annoyance of having to change your password, but, ultimately, we believe this simple step will result in a more secure Evernote experience.”