Evernote Resets User Passwords After Hack


The online information organization service Evernote sent users emails over the weekend advising them to reset their account passwords after hackers managed to gain access to some personal data. The password reset request, along with the disclosure that some data had been potentially taken by hackers, went out to all 50 million Evernote users.

Evernote resets passwords after security attack

According to the company, no payment information was taken, although the hackers did manage to access user names and email addresses along with account passwords. The passwords are stored in an encrypted format, but the company is making users reset their passwords as a precautionary measure.

The company said in a blog post,

While our password encryption measures are robust, we are taking additional steps to ensure that your personal data remains secure. This means that, in an abundance of caution, we are requiring all users to reset their Evernote account passwords.

Evernote has been open about the attack, which is reassuring, and marks a big difference from a couple of years ago, when companies like Sony kept quiet for days after PS3 user account credit card numbers were stolen by hackers.

Users can reset their account password at the Evernote website.


1 Comment

Bosco (Brad Hutchings)

It’s nice to see the passwords were hashed and salted. But user names and email addresses should also be encrypted.

There are two bigger problems here. The first is that in a world of default sharing, data security necessarily comes second, because it gets in the way of sharing by default. You should feel comfortable using systems like Evernote and Dropbox for data you don’t mind being shared, even inadvertently, because that is the point of these systems. But many people use these systems for very sensitive data, including group password management, financial data, business strategy, etc.

The second problem is that “cloud” proponents push all the life-cycle benefits of multi-tenancy without acknowledging the security problems. When millions of people’s data is sitting in a unified cloud service, it makes for a big ass, high reward target. Walking around with a “kick me” sticker on your back is inviting a charlie horse.

Disclosure: I make a product in this space.
