Another day, another hack. This time it’s the online note-taking service Evernote which has suffered a security breach, leading to the California-based company issuing password reset instructions for all 50 million of its users.
The service announced in a blog post over the weekend that its Operations & Security team had spotted “suspicious activity” on its network that looked like “a coordinated attempt to access secure areas of the Evernote service.”
Evernote’s Dave Engberg said in the post that during its investigation it’d found that those responsible for the hack had been able to gain access to Evernote user information such as usernames, Evernote-linked email addresses and encrypted passwords.
“Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (In technical terms, they are hashed and salted.),” Engberg wrote.
However, the company said it’d found no evidence that any payment information for Evernote Premium or Evernote Business customers had been accessed, nor was their any indication that content stored by users had been accessed, changed or lost.
“While our password encryption measures are robust, we are taking additional steps to ensure that your personal data remains secure,” Engberg wrote. “This means that, in an abundance of caution, we are requiring all users to reset their Evernote account passwords.”
Engberg asked that all Evernote users sign into their account to create a new password in order to ensure the security of their account and data.
Once you sign in, you’ll be prompted to create a new password. Engberg said that updates to Evernote apps will be rolled out shortly in order to make the password change process easier, as the new password will have to be used with its apps too.
Engberg reassured users that Evernote takes site security “very seriously” and said it was “constantly enhancing” the security of its service infrastructure.
Evernote’s security breach comes just after Dropbox users began reporting suspicious activity on the cloud storage site late last week. Other high-profile companies have also suffered security breaches in recent weeks, including Microsoft, Apple and Facebook.
- Attacker stole user data from Reddit through employee accounts
- 92 million accounts at DNA testing service MyHeritage have been hacked
- Connected CloudPets teddy bears blab on owners, leak 2 million voice recordings
- Your body heat can help attackers steal your password in new attack
- Netgear router bug let hackers steal classified documents on drones, tanks