A recent security breach at online note-taking service Evernote forced the company to reset all of their 50 million users’ passwords as a precautionary measure. The company noted (no pun intended) that there is no evidence that any content stored in Evernote was accessed, changed or lost nor is there any indication that payment information for premium users was compromised.
Evernote announced the security breach via blog post over the weekend. The Redwood City-based company said their operations and security team became aware of malicious activity that warranted a deeper look. Upon further inspection, it was discovered that the individual(s) responsible were able to gain access to Evernote user information which includes usernames, e-mail addresses and encrypted passwords.
The company said their one-way encryption methods (hashed and salted) are robust but they are taking the additional step of resetting every user account password in an abundance of caution. To reset your password, simply sign into your account and enter a new password.
Note that you’ll need to enter this new password in other Evernote apps that you use on other platforms, etc. Evernote said they are updating several of their apps to make the password change process more convenient.
In closing, Evernote offers some valuable tips that can be taken to ensure your data is safe on any site such as avoiding using simple passwords based on dictionary words, not using the same password on multiple sites or services and not clicking on password reset links via e-mails.