Evernote latest to be hacked, passwords reset

Popular note taking app, Evernote, has announced that they've been hacked. The breach let hackers access email addresses, encrypted passwords and usernames of all Evernote users. Evernote does go onto stress that no data was "accessed, changed, or lost," and no payment information for the Evernote Premium or Evernote Business was lost.

Evernote advises users to change they password as a "precaution," however the passwords that were stolen were protected with one-way encryption. Evernote describes their password defences as "robust" but advises users to create a new password anyway. 

In their blog post, Evernote goes on to give their users tips on creating a new password. Evernote CEO, Phil Libin, describes Evernote's current performance as "choppy", but stresses there is "no threat to user data that we’re aware of." TechCrunch reports that Evernote became aware of the hack on February 28th, which "warranted a deeper look." On the discovery of the hack, Evernote reset all user passwords. 

Evernote is a well funded startup, with large technical talent so a breach of this scale would require a some skill. Whether this breach is linked to those of Apple, Microsoft or Facebook is still unknown. 

Evernote stressed that any worried user should contact Evernote Support with any queries. 

Source: Evernote Blog, TechCrunch Image via Evernote

Report a problem with article
Previous Story

From the Forums: Official Neowin photography competition!

Next Story

Could we see Microsoft update Office 2013 every three months?

13 Comments

Commenting is disabled on this article.

I hope lawmakers will be on top of this soon. They should pass security requirements for companies storing user/private information. Any site / system can be hacked. Hopefully companies not following those requirements will be fined hard, and those who do, can assure us that the extracted information isn't usable by the hackers.
PS: I'm no security/encryption expert, so this might be a utopia.

Support your notion 100%, but indeed - it's not gonna happen. Imagine the outcry, for starters. If anything, it'd be considered a major artificial hurdle towards "rapid innovation and progress".

Don't corporations usually lobby for greater penalties against penetrators rather than waste money on improving their security?

Some smarter companies monitor any news of intrusion then they check themselves and fix it because they know they'll have way higher costs if they try to prevent any intrusion. The thing is that even if they try it and someone still gets through they think they have wasted a lot of money for nothing.

warwagon said,
Roboform or Lasspass + Random passwords FTW!

Ideally yeah but Evernote is one of those services that isn't primarily used on a PC. Many people use on their mobile phones and other devices that don't necessarily have RoboForm (or Lastpass) available.

I personally don't even use it anymore in favor of One Note but still that doesn't make it any better in this case

Thanks, if they are encrypted they might be safe anyway, fingers crossed, I have no idea what I used to sign up so no idea what to change and where

Detection said,
Thanks, if they are encrypted they might be safe anyway, fingers crossed, I have no idea what I used to sign up so no idea what to change and where

The passwords were hashed, and the hashes were salted. So basically it would be hard to find out the actual passwords used.

Northgrove said,

The passwords were hashed, and the hashes were salted. So basically it would be hard to find out the actual passwords used.

that is good to know, I signed up ages ago on android but use one note now for this purpose. Like others I don't remember my login credentials, but nice to know its not another plain text issue.