Tuesday, 5 March 2013

Evernote resets user passwords following hacking scare

Evernote has joined the club of companies hacked this year. As a precautionary measure, the popular note-taking service has reset the passwords of all its users after a security breach resulted in user information, including user names, passwords and email addresses, being stolen.

In an email sent to all its users, Evernote wrote that the company’s Operations and Security team had discovered and blocked suspicious activity on the Evernote network. The company added that the attack appeared to be a coordinated attempt to access secure areas of Evernote's service.

The company assured users that it found no evidence that any content stored by users in the service was accessed, changed or lost. Payment information for Evernote Premium or Evernote Business too was not accessed, Evernote said.

The only area accessed by the hackers was account information like usernames and passwords. The email went on to point out that the passwords stored by Evernote "are protected by one-way encryption. (In technical terms, they are hashed and salted.)" The notice then tells users how to go about resetting their passwords and lists tips for choosing stronger ones.

A number of high-profile companies were hacked last month. The domino effect began with Twitter owning up to the fact that it got hacked earlier this year and had to reset passwords for 250,000 users. Facebook too faced issues with employees’ laptops being affected by malware. Companies like Apple and Microsoft also faced malware issues owing to zero-day Java exploits.

Evernote updated its iOS app with new features only a day before this development. The app received better PDF support, a Snippets feature and support for Evernote Business Notebook.

In a statement to CNET, an Evernote representative confirmed that the hack is similar to the high-profile attacks on bigger companies last month. The representative said, “Our operations and security team caught this at what we believe to be the beginning stages of a sophisticated attack. They are continuing to investigate the details. We believe this activity follows a similar pattern of the many high profile attacks on other Internet-based companies that have taken place over the last several weeks.“

“At this time we believe we have blocked any unauthorised access, however security is Evernote's first priority. This is why, in an abundance of caution, we are requiring all users to reset their Evernote account passwords before their next Evernote account log-in. We are actively communicating to our users about this attack through our blog, direct e-mails, social media, and support. This simple step of users creating strong, new passwords will help ensure that user accounts remain secure,” the representative added.

No comments:

Post a Comment