Evernote Resets All Passwords Following A Security Breach

Evernote, the developer of popular note-taking and organisation software, found suspicious activity in its networks over the weekend, prompting it to reset passwords for 50 million users.

The company says that the measure is merely a precaution, as it found no evidence of hackers accessing private user content or payment details.

Better safe than sorry

On Saturday, Evernote initiated a “service-wide password reset”, after the security team discovered a “coordinated attempt to access secure areas of the Evernote Service”.

An investigation launched by the company soon discovered that an unidentified party was able to gain access to account information stored on the platform, such as user names, emails and encrypted passwords.

It is unlikely the attackers will be able to use the stolen data, since Evernote, abiding by good security practices, ‘hashed’ and ‘salted’ its passwords.

“While our password encryption measures are robust, we are taking additional steps to ensure that your personal data remains secure. This means that, in an abundance of caution, we are requiring all users to reset their Evernote account passwords,” explained the company on its blog.

Evernote said that it will update a range of apps in order to make the process of changing passwords easier. In an email, it also advised users on how to make their new passwords more secure.

“Avoid using simple passwords based on dictionary words, never use the same password on multiple sites or services and never click on ‘reset password’ requests in emails — instead go directly to the service,” suggests Evernote.

Last year, an attacker stole 6.5 million passwords from LinkedIn and published them online, with the social network claiming losses between $500,000 and $1 million due to the breach. LinkedIn was heavily criticised by security professionals, since the passwords weren’t ‘salted’ and could be easily cracked.

Yahoo and Tesco are some of the other companies that were singled out last year for not encrypting their passwords and thus ignoring basic security rules.

“As recent events with other large services have demonstrated, this type of activity is becoming more common. We take our responsibility to keep your data safe very seriously, and we’re constantly enhancing the security of our service infrastructure to protect Evernote and your content,” said the company.


Max Smolaks

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.


  • When forever isn't forever - Evernote hack perspective

    The Evernote hack highlights the very real security risks of letting employees use public cloud applications for business use. Use of Evernote creates copies of business information in the cloud and puts organizations at the mercy of service provider's security measures. Yes, employees need to be able to create, view, access, edit and share information on mobile devices, but they need to do this securely. Accellion recently announced an integrated secure productivity app with secure file sharing to eliminate the security risks of using third party apps such as Evernote. There continues to be a real risk of employees using free, public cloud solutions like Evernote, which puts an organization at risk for data leaks. However, with Accellion’s mobile productivity suite, users can create, edit and collaborate within a secure workspace without accessing a third party app like Evernote to help prevent data leaks, protect user credentials and keep an organization’s information under their management and control.
