Evernote Imposes Service-Wide Password Change

Evernote password

Joanna wrote a fantastic article recently about cloud-sync apps for e-book fans. One of the apps she wrote about was Evernote, one of my personal “must have” apps. If you are an Evernote user, you might have run into a problem yesterday or today where suddenly, and with no explanation, you were required to change your password.

According to the Evernote blog, they discovered that they’d been hacked.

Evernote’s Operations & Security team has discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service.

As a precaution to protect your data, we have decided to implement a password reset.

Good on Evernote for discovering the hack and for responding. Not so good: Changing your password in all your various Evernote apps was a pain. Fortunately, they’ve released an update to all their mobile apps to make it easier; I’ve used it, and it works.

So if you’re one of those people who waits for a while to update your apps, don’t wait. Update Evernote quickly and change your password.

3 Comments on Evernote Imposes Service-Wide Password Change

  1. Common Sense // March 3, 2013 at 2:44 pm //

    It wasn’t without an explanation, I received an email from them:

    Dear Evernote user,

    Evernote’s Operations & Security team has discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service.

    As a precaution to protect your data, we have decided to implement a password reset. Please read below for details and instructions.

    In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost. We also have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed.

    The investigation has shown, however, that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts, and encrypted passwords. Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (In technical terms, they are hashed and salted.)

    While our password encryption measures are robust, we are taking steps to ensure your personal data remains secure. This means that in an abundance of caution, we are requiring all users to reset their Evernote account passwords. Please create a new password by signing into your account on evernote.com.

    After signing in, you will be prompted to enter your new password. Once you have reset your password on evernote.com, you will need to enter this new password in other Evernote apps that you use. We are also releasing updates to several of our apps to make the password change process easier, so please check for updates over the next several hours.

    As recent events with other large services have demonstrated, this type of activity is becoming more common. We take our responsibility to keep your data safe very seriously, and we’re constantly enhancing the security of our service infrastructure to protect Evernote and your content.

    There are also several important steps that you can take to ensure that your data on any site, including Evernote, is secure:
    Avoid using simple passwords based on dictionary words
    Never use the same password on multiple sites or services
    Never click on ‘reset password’ requests in emails – instead go directly to the service
    Thank you for taking the time to read this. We apologize for the annoyance of having to change your password, but, ultimately, we believe this simple step will result in a more secure Evernote experience. If you have any questions, please do not hesitate to contact Evernote Support.

    The Evernote Team

  2. I for one have stopped using this service because of this breach, terrible for a start-up to loose it’s good reputation!

  3. @Common Sense, It was without explanation for some of us. I never received that email from Evernote and had to hunt down the source of the problem on my own. All I got was an error message telling me my password was incorrect and to re-enter it. Which I did. And got the same error message. I still haven’t received their email, two days later.

Leave a comment

Your email address will not be published.

*



wordpress analytics