Evernote is latest cloud giant to be hacked, instigates password reset

4 Mar 2013

Cloud-based personal organiser Evernote has confirmed that it has discovered and blocked suspicious activity that it deems an organised and co-ordinated attack. The news comes just after Apple, Facebook and Microsoft revealed their networks came under attack from hackers.

While the hackers were unable to access the secure area of Evernote’s system, they were able to gain access to user information, such as usernames, email addresses and encrypted passwords.

As a precaution to protect its users’ data Evernote says it is rolling out a password reset.

“In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost,” Evernote said in its blog. “We also have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed.

“The investigation has shown, however, that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords.

“Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption.

“While our password encryption measures are robust, we are taking additional steps to ensure that your personal data remains secure. This means that, in an abundance of caution, we are requiring all users to reset their Evernote account passwords,” Evernote said.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years