Evernote resets all user account passwords following security breach

Shawn Knight


A recent security breach at online note-taking service Evernote forced the company to reset the passwords of all of its 50 million users as a precautionary measure. The company noted (no pun intended) that there is no evidence that any content stored in Evernote was accessed, changed or lost, nor is there any indication that payment information for premium users was compromised.

Evernote announced the security breach via blog post over the weekend. The Redwood City-based company said their operations and security team became aware of malicious activity that warranted a deeper look. Upon further inspection, it was discovered that the individual(s) responsible were able to gain access to Evernote user information which includes usernames, e-mail addresses and encrypted passwords.


The company said their one-way encryption methods (hashed and salted) are robust but they are taking the additional step of resetting every user account password in an abundance of caution. To reset your password, simply sign into your account and enter a new password.

Note that you’ll need to enter this new password in other Evernote apps that you use on other platforms, etc. Evernote said they are updating several of their apps to make the password change process more convenient.

In closing, Evernote offers some valuable tips for keeping your data safe on any site: avoid simple passwords based on dictionary words, don’t use the same password on multiple sites or services, and don’t click on password reset links in e-mails.


 
I got this notice too and, funny, I had changed the default password the other day. I had to change it again. Then on top of that I had to install a newer version. The software is getting better but still they have so many updates for it.

I do like the flexibility of the software; you can use it on desktop, laptop, netbook, tablet, and smart phone. Lots of choices. Take it with me on my smart phone to look at the food list or things to get list. Send the data back to the home server. Still not bad.
 
With two factor authentication now even easier to roll-out and end users ever more aware of the vulnerabilities of static passwords, hopefully incidents such as these will serve to further encourage organizations to improve the security of their log-in procedures. All organizations are aware of the brand damage done when security is compromised, while too many consumers have had to put up with the consequences of such a breach. For end users, two factor authentication is no more complex than putting on a seat belt, but the security benefits it provides are considerable. While we can’t mandate that people “buckle up” when online, we should at least give them the option to.

- T. Kendall Hunt, Chairman and CEO, VASCO
 