Evernote says security has been breached by hackers
< Next Topic | Back to topic list | Previous Topic >
Posted by razorboy
Mar 2, 2013 at 07:08 PM
~~Evernote says security has been breached by hackers~~
BBC News Technology
2 March 2013 Last updated at 13:34 ET
Online information storage firm Evernote has asked all users to reset their passwords, following a security breach by hackers.
The California-based company, that allows people to store and organise personal data on an external server, is thought to have about 50 million users.
It said user names, email addresses and encrypted passwords were accessed.
But it insisted there was “no evidence” that payment details or stored content was accessed, changed or lost.
Evernote acts like an online personal organiser, with users able to save data such as video clips, images, web pages, notes and itineraries in an external shortage system commonly known as the Cloud.
In a statement on the company’s website, the firm said its security team discovered and blocked “suspicious activity on [their] network that appears to have been a coordinated attempt to access secure areas of the Evernote service”.
It added: “While our password encryption measures are robust, we are taking additional steps to ensure that your personal data remains secure.
“This means that, in an abundance of caution, we are requiring all users to reset their Evernote account passwords.”
The firm apologised “for the annoyance” caused by the breach, which it said is becoming “far more common” at other “large services”.
In February, Apple revealed a “small number” of its computers had been hacked, but added there was no sign of data theft.
The hack came a week after social-networking firm Facebook said it had traced a cyber-attack back to China after some of its employee laptops were hacked.
A month ago, micro-blogging website Twitter announced it had been the victim of a security breach which compromised the accounts of 250,000 users.
The company’s information security director, Bob Lord, said the attack “was not the work of amateurs”.
Posted by Ken
Mar 4, 2013 at 05:34 PM
Thanks for posting this. The app updated itself on my iPad and required a password reset, but there was no mention of a breach in security.
—Ken
Posted by Alexander Deliyannis
Mar 5, 2013 at 04:34 PM
Ken, I received the following message in all my mail accounts related with Evernote on Saturday; you might want to check your spam box:
Dear Evernote user,
Evernote’s Operations & Security team has discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service.
As a precaution to protect your data, we have decided to implement a password reset. Please read below for details and instructions.
In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost. We also have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed.
The investigation has shown, however, that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts, and encrypted passwords. Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (In technical terms, they are hashed and salted.)
While our password encryption measures are robust, we are taking steps to ensure your personal data remains secure. This means that in an abundance of caution, we are requiring all users to reset their Evernote account passwords. Please create a new password by signing into your account on evernote.com.
After signing in, you will be prompted to enter your new password. Once you have reset your password on evernote.com, you will need to enter this new password in other Evernote apps that you use. We are also releasing updates to several of our apps to make the password change process easier, so please check for updates over the next several hours.
As recent events with other large services have demonstrated, this type of activity is becoming more common. We take our responsibility to keep your data safe very seriously, and we’re constantly enhancing the security of our service infrastructure to protect Evernote and your content.
There are also several important steps that you can take to ensure that your data on any site, including Evernote, is secure:
Avoid using simple passwords based on dictionary words
Never use the same password on multiple sites or services
Never click on ‘reset password’ requests in emails - instead go directly to the service
Thank you for taking the time to read this. We apologize for the annoyance of having to change your password, but, ultimately, we believe this simple step will result in a more secure Evernote experience. If you have any questions, please do not hesitate to contact Evernote Support.
The Evernote Team
Posted by Ken
Mar 5, 2013 at 09:06 PM
Thanks for the additional information, Alexander. I will check my SPAM box to see if their message landed there.
—Ken