Evernote hacked, forces password reset
Summary: The popular multi-platform, note-taking Web application Evernote has had its master Web site hacked - and you must change your password before you can use it.
2013 may become known as the year of hacker. Following sucessful hacks of Apple, Facebook, Microsoft, and NBC's Web sites and servers, the popular multi-platform, note-taking Web application Evernote servers have been hacked.Evernote has been cracked and is requiring all its users to reset their passwords.
Evernote reports that while they caught the attack early on, their "investigation has shown, however, that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords. Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (In technical terms, they are hashed and salted.)"
Despite this encryption, Evernote is requiring all of its users to change their Evernote account passwords. You can do this either the next time you try to use Evernote via the Web site or by going to the main site now and creating a new password. If you need help with this, Evernote asks that you contact them via their online support Webpage.
After signing in to the Web site, you will be required to enter a new password. Once you have reset your password, you will need to enter this new password on all of your Evernote apps. The company also states that, "We are also releasing updates to several of our apps to make the password change process easier, so please check for updates over the next several hours."
In addition, the company reminds all Evernote users of the usual precautions you should take with your security on any online account:
- Avoid using simple passwords based on dictionary words.
- Never use the same password on multiple sites or services.
- Never click on 'reset password' requests in emails — instead go directly to the service.
To this list, I might add that choosing the option to stay logged into Evernote for up to a week at a time is not a safe choice.
This successful hacking into Evernote is unlikely to resulted from hackers simply breaching user accounts. Many successful Web site hacks in recent weeks have been the result of holes in Java Web plug-ins. As a result, security experts have been warning users to disable Java on their PCs.
This theory seems credible since, in a statement made to CNET, an Evernote spokesperson said, "Our operations and security team caught this at what we believe to be the beginning stages of a sophisticated attack. They are continuing to investigate the details. We believe this activity follows a similar pattern of the many high profile attacks on other Internet-based companies that have taken place over the last several weeks."
Nevertheless, he continued, "At this time we believe we have blocked any unauthorized access, however security is Evernote's first priority. This is why, in an abundance of caution, we are requiring all users to reset their Evernote account passwords before their next Evernote account log-in."
Saturday, March 2, 2013
Evernote hacked, forces password reset | ZDNet