After detecting a coordinated intrusion into their network, Evernote forced a system-wide password reset today. The attackers were able to access Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords.

Larry Seltzer, Contributor

March 2, 2013

1 Min Read

Evernote's security team has detected a coordinated attempt to gain access to secured areas of their systems. So as to be safe, rather than sorry, they have forced all users to reset their passwords before proceeding to use the service.

same as caption New password? What new password?

I noticed this myself this morning when I tried to load up Evernote on my Mac and got the message nearby that my password had changed and that I should enter the new one. This left me confused as I had not reset my password.

Then I noticed a post on Facebook from Evernote, which I received because I had Liked them, noting the system-wide password reset and linking to the blog entry on their site to which I liked just above. Other people also found the mechanism the company used confusing.

The blog notes that the attackers were able to access Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords. They were not able to access payment information nor any user content. The passwords are salted and hashed; if that was done properly, they should be of no use to the attackers.

Evernote will also be releasing updates to their apps very soon to address the attack.

Read more about:

20132013

About the Author(s)

Larry Seltzer

Contributor

Follow Larry Seltzer and BYTE on Twitter, Facebook, LinkedIn, and Google+:

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights