Evernote Resets User Passwords After Hack


The online information organization service Evernote sent users emails over the weekend advising them to reset their account passwords after hackers managed to gain access to some personal data. The password reset request, along with the disclosure that some data had been potentially taken by hackers, went out to all 50 million Evernote users.

Evernote resets passwords after security attack

According to the company, no payment information was taken, although the hackers did manage to access user names and email addresses along with account passwords. The passwords are stored in an encrypted format, but the company is making users reset their passwords as a precautionary measure.

The company said in a blog post,

While our password encryption measures are robust, we are taking additional steps to ensure that your personal data remains secure. This means that, in an abundance of caution, we are requiring all users to reset their Evernote account passwords.

Evernote has been open about the attack, which is reassuring, and marks a big difference from a couple of years ago, when companies like Sony kept quiet for days after PS3 user account credit card numbers were stolen by hackers.

Users can reset their account password at the Evernote website.

The Mac Observer Spin

While server hacks are no fun, it's great to see Evernote being so open about the incident. It also underscores the importance of using unique passwords for the various online services you use, and it's a good reminder that a password manager app is handy, too.


Bosco (Brad Hutchings)

It’s nice to see the passwords were hashed and salted. But user names and email addresses should also be encrypted.

There are two bigger problems here. The first is that in a world of default sharing, data security necessarily comes second, because it gets in the way of sharing by default. You should feel comfortable using systems like Evernote and Dropbox for data you don’t mind being shared, even inadvertently, because that is the point of these systems. But many people use these systems for very sensitive data, including group password management, financial data, business strategy, etc.

The second problem is that “cloud” proponents push all the life-cycle benefits of multi-tenancy without acknowledging the security problems. When millions of people’s data is sitting in a unified cloud service, it makes for a big ass, high reward target. Walking around with a “kick me” sticker on your back is inviting a charlie horse.

Disclosure: I make a product in this space.
