Skip to main content

Evernote hack: 50 million users forced to reset passwords

evernoteAnother day, another hack. This time it’s the online note-taking service Evernote which has suffered a security breach, leading to the California-based company issuing password reset instructions for all 50 million of its users.

The service announced in a blog post over the weekend that its Operations & Security team had spotted “suspicious activity” on its network that looked like “a coordinated attempt to access secure areas of the Evernote service.”

Evernote’s Dave Engberg said in the post that during its investigation it’d found that those responsible for the hack had been able to gain access to Evernote user information such as usernames, Evernote-linked email addresses and encrypted passwords.

“Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (In technical terms, they are hashed and salted.),” Engberg wrote.

However, the company said it’d found no evidence that any payment information for Evernote Premium or Evernote Business customers had been accessed, nor was their any indication that content stored by users had been accessed, changed or lost.

“While our password encryption measures are robust, we are taking additional steps to ensure that your personal data remains secure,” Engberg wrote. “This means that, in an abundance of caution, we are requiring all users to reset their Evernote account passwords.”

Engberg asked that all Evernote users sign into their account to create a new password in order to ensure the security of their account and data.

Once you sign in, you’ll be prompted to create a new password. Engberg said that updates to Evernote apps will be rolled out shortly in order to make the password change process easier, as the new password will have to be used with its apps too.

Engberg reassured users that Evernote takes site security “very seriously” and said it was “constantly enhancing” the security of its service infrastructure.

Evernote’s security breach comes just after Dropbox users began reporting suspicious activity on the cloud storage site late last week. Other high-profile companies have also suffered security breaches in recent weeks, including Microsoft, Apple and Facebook.

Editors' Recommendations

Topics
Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Quora hit by data breach affecting around 100 million users
quora

Quora has been targeted by hackers in a data breach affecting around 100 million of its users.

The Mountain View, California-based company that operates a question-and-answer website said on Monday, December 3 that it recently discovered unauthorized access to its computer systems.

Read more
Instagram tool accidentally exposes user passwords. Were you affected?
how to use Instagram Stories

The Instagram tool that allows users to download a copy of their data from the social media platform had a security flaw that accidentally leaked passwords in plain text.

In April, Facebook-owned Instagram rolled out a Download Your Data tool that sends users a file containing all the pictures, comments, and other information that they have shared on the platform. The feature was rolled out to comply with new data privacy regulations in Europe and to address the privacy concerns of users around the world amid Facebook's Cambridge Analytica scandal.

Read more
Uber agrees to pay $148 million for 2016 hack and cover-up
uber to pay 148m for 2016 hack and cover up

Uber's 2016 shenanigans that saw it fail to report a massive data breach and led to it paying the hackers $100,000 has ended up costing the company $148 million.

The ridesharing giant has agreed to pay the sum after reaching a settlement with all 50 U.S. states and the District of Columbia that had accused it of breaking the rules.

Read more