Evernote resets all passwords after hack compromises user data

Email addresses, passwords and usernames may have been stolen

Update: Evernote users, take note - the company plans to implement two-factor authentication as soon as possible following the hack.

In a statement sent to Information Week, an Evernote spokeswoman said that the note-taking business was already planning such a feature, but after last month's hack, the process has been put into high gear.

Original article...

Popular note-taking service Evernote has reset all users' passwords following a 'co-ordinated' hack on its servers.

The company said it had taken the 'precautionary' step after its security and operations team discovered that hackers had gained access to members' usernames, encrypted passwords and email addresses.

Although the passwords were 'salted and hashed' in the company's database (making the original passwords extremely hard to recover and trace back to individuals), all users will have to create a new password next time they log in.

The company was keen to point out that the attack, first discovered on February 28, had not compromised any credit card or payment information, nor had any notes been accessed or altered.

No content accessed

The company promised that although 'malicious' attacks of this nature are becoming more common, its security team is doing everything it can to protect users.

A post on the company blog explained: "In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost. We also have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed.

"The investigation has shown, however, that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords. Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (In technical terms, they are hashed and salted.)"

"While our password encryption measures are robust, we are taking additional steps to ensure that your personal data remains secure. This means that, in an abundance of caution, we are requiring all users to reset their Evernote account passwords. Please create a new password by signing into your account on evernote.com."