Evernote, the developer of popular note-taking and organisation software, found suspicious activity in its networks over the weekend, prompting it to reset passwords for 50 million users.
The company says that the measure is merely a precaution, as it found no evidence of hackers accessing private user content or payment details.
On Saturday, Evernote initiated a “service-wide password reset”, after the security team discovered a “coordinated attempt to access secure areas of the Evernote Service”.
It is unlikely the attackers will be able to use the stolen data, since Evernote, abiding by good security practices, ‘hashed’ and ‘salted’ its passwords.
“While our password encryption measures are robust, we are taking additional steps to ensure that your personal data remains secure. This means that, in an abundance of caution, we are requiring all users to reset their Evernote account passwords,” explained the company on its blog.
Evernote said that it will update a range of apps in order to make the process of changing passwords easier. In an email, it also advised users on how to make their new passwords more secure.
“Avoid using simple passwords based on dictionary words, never use the same password on multiple sites or services and never click on ‘reset password’ requests in emails — instead go directly to the service,” suggests Evernote.
Last year, an attacker had stolen 6.5 million passwords from LinkedIn and published them online, with the social network claiming losses between $500,000 and $1 million due to the breach. LinkedIn was heavily criticised by security professionals, since the passwords weren’t ‘salted’ and could be easily decrypted.
Yahoo and Tesco are some of the other companies that were singled out last year for not encrypting their passwords and thus ignoring basic security rules.
“As recent events with other large services have demonstrated, this type of activity is becoming more common. We take our responsibility to keep your data safe very seriously, and we’re constantly enhancing the security of our service infrastructure to protect Evernote and your content,” said the company.
How well do you know Internet security? Try our quiz and find out!
German foreign minister warns Russia will face consequences for “absolutely intolerable” cyberattack on ruling party,…
Google is reportedly laying off at least 200 staff from its “Core” organisation, including key…
Investor appeasement? Apple unveils huge $110 billion share buyback program, as sales of iPhone decline…
Tesla retreats from pioneering gigacasting manufacturing process, amid cost cutting and challenges at EV giant
No skynet please. After the US, UK and France pledge human only control of nuclear…
Microsoft's AI investments continue in south east Asia, after investments in Japan, Malaysia, Indonesia, as…
View Comments
When forever isn't forever - Evernote hack perspective
The Evernote hack highlights the very real security risks of letting employees use public cloud applications for business use. Use of Evernote creates copies of business information in the cloud and puts organizations at the mercy of service provider's security measures. Yes employees need to be able to create, view, access, edit and share information on mobile devices but they need to do this securely. Accellion recently announced an integrated secure productivity app with secure file sharing to eliminate the security risks of using third party apps such as Evernote. There continues to be a real risk of employees using free, public cloud solutions like Evernote, which puts an organization at risk for data leaks. However, with Accellion’s mobile productivity suite, users can create, edit and collaborate within a secure workspace without accessing a third party app like Evernote to help prevent data leaks, protect user credentials and keep an organization’s information under their management and control.