Evernote hit in hacking attack, users must reset their passwords

The company believes the attack was a coordinated attempt to compromise its systems

Evernote, which makes business and consumer productivity software for things like taking notes and doing research, is forcing all of its 50 million users to change their passwords after detecting a hacker intrusion on its sytems.

The attacker gained access to Evernote accounts' usernames, email addresses and passwords. Although passwords are encrypted, the company "in an abundance of caution" is implementing a password reset, the company said in a blog post on Saturday.

There is no evidence that the malicious hackers accessed user content nor that they got a hold of customers' payment information, according to the company.

The network "suspicious activity" that Evernote detected and blocked was an apparent "coordinated attempt" to break into secure areas of its service, Evernote said in the post.

"After signing in, you will be prompted to enter your new password. Once you have reset your password on evernote.com, you will need to enter this new password in other Evernote apps that you use. We are also releasing updates to several of our apps to make the password change process easier, so please check for updates over the next several hours," reads Evernote's blog post.

Evernote is the latest victim in a recent string of hacking incidents against high-profile technology companies, including Apple, Microsoft, Twitter and Facebook.

Evernote makes free and fee-based applications that can be accessed via web browsers, mobile devices and desktop computers.

Juan Carlos Perez covers enterprise communication/collaboration suites, operating systems, browsers and general technology breaking news for The IDG News Service. Follow Juan on Twitter at @JuanCPerezIDG.

Tags: Evernote, security

Hackers prepping for OpenSSL Heartbleed attacks

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Sophos Mobile Control

Data protection, policy compliance and device control for mobile devices

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.