Evernote, the wildly popular list and productivity app, has been hacked. If you are an Evernote user, you, along with 50 million other Evernote users, are being asked to change your password.
According to TechCrunch, Evernote reported that it first noticed the breach on February 28, 2013 (two days before reporting it). Evernote says that no credit card or payment information for premium or business users was accessed.
However, user information, including email addresses and passwords, was accessed. The company says passwords were encrypted (“hashed and salted”) and believes they are secure.
But in an abundance of caution they are asking users to change passwords anyway. The security notice on the Evernote website today reads:
“In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost. We also have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed.
The investigation has shown, however, that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords. Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (In technical terms, they are hashed and salted.)
While our password encryption measures are robust, we are taking additional steps to ensure that your personal data remains secure. This means that, in an abundance of caution, we are requiring all users to reset their Evernote account passwords. Please create a new password by signing into your account on evernote.com.”
Evernote joins a growing list of hacked companies. Others include Apple, Facebook, Microsoft and Twitter. As we wrote earlier this week about the Microsoft hacking, it’s dangerous to reuse passwords. Why? Simply put, if a cyber attacker gets access to login data at one service or app, and you reuse that same login elsewhere, you’ve now put your other accounts at risk.
Evernote unveiled a small business version of its app just last December. Evernote is growing fast. Back in September 2012 we reported that it had 40 million individuals as users. Its user base is now up to 50 million.
This hacking is not likely to stop Evernote’s growth momentum — unless the situation turns out to be much worse than reported. With so many high-profile hacked companies, the public and business users will probably take it in stride.
Well, that’s a bunch of people that need to go change their passwords…again.
At least it seems they have made efforts to really lock passwords with hashing and salt, but no doubt that will become less secure moving forward.
It is, isn’t it Robert? Fifty million users!
I’ve recently changed many of my passwords to the accounts I frequent. I do have an Evernote account but I don’t use it much so I don’t really see a danger there, thank God. However, I will make more of an effort to change my passwords more frequently. Once I get settled with one, I like to stick with it because it is easy to remember. I’ll definitely get better at updating my info.
Mike @ DollarTechSupport
The bottom line is most sites are ‘hackable’. They have a saying, “Where there is a will, there is a way”. Also some hacks come from internal sources. So I don’t see what the big deal is about.
Will the increased use of “OAuth” login have a safety net effect on future hacking attempts?