Security

Evernote Hack Exposes User Data, Forces Extensive Password Resets

Evernote “has discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service,” according to a statement posted on the company’s website earlier today. “As a precaution to protect your data, we have decided to implement a password reset.”
Image may contain Human Person Weapon Gun and Weaponry
Customer email, username, and password data was accessed in a hack announced by Evernote Saturday morning.Image: Evernote

Evernote joins Twitter, Apple, and Facebook on the list of tech companies hacked in recent weeks.

Evernote “has discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service,” according to a statement posted on the company’s website earlier today. “As a precaution to protect your data, we have decided to implement a password reset.”

About 50 million passwords have been changed following the breach.

The hackers accessed usernames, email addresses and encrypted passwords. The company is now requiring its users to update their passwords. To facilitate this, Evernote is releasing app updates.

The company claims they’ve found “no evidence” that user content was changed or lost nor that payment information was accessed.

Some users, however, said they had to resync their off-line content as a result of the hack in the Evernote forum.

In a statement sent to CNET, a company representative claims the company caught the hackers early and that they “believe this activity follows a similar pattern of the many high profile attacks on other Internet-based companies that have taken place over the last several weeks.”

The rep went on to say Evernote is “actively communicating to our users about this attack through our blog, direct e-mails, social media, and support.” The Evernote homepage implies email notifications have been sent to users. This author has not yet received one at time of publishing.

The company thinks “creating strong, new passwords will help ensure that user accounts remain secure.” But that’s questionable. Wired's Mat Honan has suggested abandoning passwords altogether in favor of alternative methods for keeping data secure after he was hacked earlier this summer.

Reactions to the news have quickly spread through Twitter. One user noted, “I’ve had that disturbing feeling this was inevitable.” Patrick LaForge, an editor at the New York Times quipped, “The least the Evernote hackers could do is organize my folders of random clipping and wine label photos.”

This hack comes a day after Evernote made changes to its privacy policies, user guidelines and terms of service.

Most Popular