Evernote Resets Everyone's Passwords After Intrusion
Evernote's security team has detected a coordinated attempt to gain access to secured areas of their systems. So as to be safe, rather than sorry, they have forced all users to reset their passwords before proceeding to use the service.
Then I noticed a post on Facebook from Evernote, which I received because I had Liked them, noting the system-wide password reset and linking to the blog entry on their site to which I liked just above. Other people also found the mechanism the company used confusing.
The blog notes that the attackers were able to access Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords. They were not able to access payment information nor any user content. The passwords are salted and hashed; if that was done properly, they should be of no use to the attackers.
Evernote will also be releasing updates to their apps very soon to address the attack.
Follow Larry Seltzer and BYTE on Twitter, Facebook, LinkedIn, and Google+: