Evernote resets passwords post-hack, says no sensitive data breached

Updated on 04-Mar-2013
HIGHLIGHTS

The company announced over the weekend that its network was hacked in "a coordinated attempt to access secure areas of the Evernote service," but reassured users that their data remained safe.

Evernote, the popular note-taking and archiving service, reported on Saturday that it was hacked, with some user data breached. The company cautiously requires all of its users, roughly 50 million of them, to reset their passwords to maintain security after the breach.

The company in a statement said that details such as email addresses, usernames, and encrypted (“hashed and salted”) passwords were accessed. According to Evernote, no sensitive or financial information (of premium users) was accessed, and stored user content remained unaffected. The company’s password reset process will also guide users on how to create effective passwords.

Evernote says the hack it suffered was just one of the many high-profile cyber-attacks on other major internet-based companies in the recent past, including giants such as Twitter, Facebook, Apple, Microsoft, Wall Street Journal, New York Times, and others. Speculation circulating around the internet attributes these attacks to Chinese hackers, though of course, this has not been verified yet.

The note-taking service was recently honoured at GSMA’s 18th Annual Global Mobile Awards, winning the ‘Best Mobile App for Enterprise’ award. The company also recently hit a new milestone in India – the 1 million user mark.

You can check out the complete statement Evernote sent to Cnet about the hack, below:

Our operations and security team caught this at what we believe to be the beginning stages of a sophisticated attack. They are continuing to investigate the details. We believe this activity follows a similar pattern of the many high profile attacks on other Internet-based companies that have taken place over the last several weeks.

At this time we believe we have blocked any unauthorized access, however security is Evernote’s first priority. This is why, in an abundance of caution, we are requiring all users to reset their Evernote account passwords before their next Evernote account log-in. We are actively communicating to our users about this attack through our blog, direct e-mails, social media, and support. This simple step of users creating strong, new passwords will help ensure that user accounts remain secure.

As you point out, attacks like this are becoming more commonplace for all Internet-related companies and services. Evernote’s ops and security team ensures we are using the latest and strongest security protocols. In addition, the team continuously and aggressively monitors for unusual activity patterns. This allows us, as was the case in this instance, to catch new and novel attack types as soon after they begin as possible.

Source: Cnet

Abhinav Lal

https://plus.google.com/u/0/118371002657670425415/posts

Connect On :