Evernote Resets Everyone's Passwords After Intrusion
After detecting a coordinated intrusion into their network, Evernote forced a system-wide password reset today. The attackers were able to access Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords.
Evernote's security team has detected a coordinated attempt to gain access to secured areas of their systems. So as to be safe, rather than sorry, they have forced all users to reset their passwords before proceeding to use the service.
New password? What new password?
I noticed this myself this morning when I tried to load up Evernote on my Mac and got the message nearby that my password had changed and that I should enter the new one. This left me confused as I had not reset my password.
Then I noticed a post on Facebook from Evernote, which I received because I had Liked them, noting the system-wide password reset and linking to the blog entry on their site to which I liked just above. Other people also found the mechanism the company used confusing.
The blog notes that the attackers were able to access Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords. They were not able to access payment information nor any user content. The passwords are salted and hashed; if that was done properly, they should be of no use to the attackers.
Evernote will also be releasing updates to their apps very soon to address the attack.
About the Author
You May Also Like