Evernote user information compromised, users forced to change passwords
Just days after we reported the large software-update for the popular application ‘Evernote’, the company has confirmed that a security breach has put some users information at risk.
Confirmation of the breach in security came via the Evernote.blog, where developers informed customers of the situation and offered a few security tips for the future. The ‘Evernote Operations & Security Team’ stated that they “discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service” states the lengthy blog post.
It was because of this suspicious activity that Evernote has forced all users to reset their passwords. The team does state that they have found “no evidence that any of the content you store in Evernote was accessed, changed or lost”. There is also no confirmation that “any payment information for Evernote Premium or Evernote Business customers was accessed”.
What was accessed was Evernote user information (usernames and email addresses) and although passwords were included in the data, Evernote states that they were encrypted. The encryption used on those passwords were “protected by one-way encryption” or as Evernote explains “hashed and salted” if you want to get technical.
Customers are directed to reset their passwords using the following protocol:
“After signing in, you will be prompted to enter your new password. Once you have reset your password on evernote.com, you will need to enter this new password in other Evernote apps that you use. We are also releasing updates to several of our apps to make the password change process easier, so please check for updates over the next several hours”.
Also included in the post were directions on how to create a secure password on the service and other basic cyber-management techniques commonly used to create login information that is kept on a third-party server.