Evernote Issues Password Reset After Security Breach

by

evernoteNote-taking service Evernote today released a statement announcing that it had discovered suspicious activity on the Evernote network, which prompted it to issue a service-wide password reset.

While Evernote says that no content or payment information was accessed, hackers did acquire usernames, email addresses, and encrypted passwords.

In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost. We also have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed.

The investigation has shown, however, that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords. Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (In technical terms, they are hashed and salted.)

All Evernote users will be prompted to choose a new password when logging in to the website. The company is is also releasing updates to several of its apps today to facilitate the password change.

Evernote's security breach comes a bit over a week after Apple, Twitter, and Facebook were hacked when employees visited iPhoneDevSDK, an online forum for software developers.

Top Rated Comments

jennyp Avatar
103 months ago

I have a 20 character master password with 1Passsword. If I go to the site below and enter a password mask (I would never enter my actual password in anything other than 1Password), it would take sextillion years to crack my password.

http://howsecureismypassword.net


That isn't strictly true. Your password could be cracked in the first 5 minutes of a run. It's highly unlikely, true, but the proper way to state matters would be to say that it would take that length of time to try all combinations of the characters you use.

</pedantry>
Score: 2 Votes (Like | Disagree)
canyonblue737 Avatar
103 months ago
I never got an email either but I think I know why... evernote sent the email from a NON-evernote domain that was only registered a few months ago and who's ID looks like it doesn't belong to evernote. It looks EXACTLY like a classic fishing scheme... except evernote has admit it really was from them. Many email services grab these messages because they look so obviously fake. They are now saying on the forums it was due to this happening in the midst of a big email server switch for them and this was the only way they could send out 50 million emails on short notice. To me it says that this is a big company still playing amateur hour when it comes to user security.

1. no 2 factor authentication.
2. SSL only when sending data to their servers.
3. no encryption of ANY KIND of ANY of your notes or notebooks on their servers. if someone gets your primary password, everything is exposed.
4. poor handling of the large data leak... email response, style and timing was all beyond poor. all passwords reset prior to ANY email, twitter, homepage or any other notification sent from evernote. the error alert saturday morning on evernote.com and in apps simply said you were entering the wrong password leading thousands to think they had been hacked with nothing at all explaining what had really happened.

this is a company that proudly has articles on their website saying "how to use evernote at tax time" but does nothing at all to protect the critical nature of user information on their servers. no one does this as poorly in the crowd they want to play in: apple, twitter, google, dropbox etc. it is downright irresponsible for them to imply that critical user data is safe and they haven't even hinted they want to improve it ('cept for 2 factor which they have been implying for a year and never arrived even with the big 5.0 update.)

i hope evernote stops what they are doing, realizes they are becoming a MAJOR player in the cloud space and with 60 million accounts they have to do FAR better. evernote has been iterating like mad on their service which has brought them great success but they need to pour their resources into security they desperately need starting with 2 factor authentication and the ability to encrypt notebooks. only then will evernote be a modern, secure cloud service to store your life's most valuable information.
Score: 1 Votes (Like | Disagree)
japanime Avatar
103 months ago
I use Evernote but didn't seem to receive the email warning of the password breach. It certainly wasn't in my inbox.

So, I just searched my Mail.app and discovered that Apple's junk-mail filter had put the Evernote email directly into the trash. :confused:
Score: 1 Votes (Like | Disagree)
turtle777 Avatar
103 months ago

For instance, 1password or wallet use icloud or dropbox to sync between devices and for backup. Should someone get my sync file, they have all the time in the world to try to get passed the encryption/masterpassword and access to all my passwords.


In case of 1PW, they would need all the time in the world.

As long as you use a long and safe Master Password, encrypted data in the cloud is not an issue.

They will go for a dictionary attack before they try to decrypt your contents.

-t
Score: 1 Votes (Like | Disagree)
maxosx Avatar
103 months ago
This event simply emphasizes the value of taking one's password & security plan seriously.

By keeping it dynamic with regular changing of passwords & executing procedures as suggested by those above, one is relatively safe.
Score: 1 Votes (Like | Disagree)
furi0usbee Avatar
103 months ago

One way is to have your own domain and a hosting service with unlimited number of convenient mail aliases. Also makes it easy to shutdown an address if it starts to get spam...

1Password is really nice.


I have several websites/domains, but I would never want to take the time to start using a separate email now for each account. Even though I could just do mymail1@, mymail2@, and just forward them to a master account, I don't feel the need to do that just now. It's better security that's for sure, but I don't know if I need that now. But I will put that on my list of things to consider.

What I do thought, is lie when presented with secret questions for my accounts. So if it says what state was I born, I say any state other than my own. When it says first car, I say some nice Italian number, etc.

Bryan
Score: 1 Votes (Like | Disagree)

Top Stories

iphone 5s black slate

Images of Unreleased iPhone 5s in Black and Slate Shared Online

Sunday January 17, 2021 9:47 am PST by
Twitter user @DongleBookPro has today shared images of a prototype iPhone 5s in an unreleased Black and Slate color. The iPhone 5s was launched in September 2013. The device featured Touch ID, a 64-bit processor, and a True Tone LED flash for the first time. Other new features included a five-element lens with an f/2.2 aperture, a 15 percent larger camera sensor, Burst Mode, and Slo-Mo...
iP12 charge airpods feature 2

Hidden iPhone 12 Hardware Feature Could Still be Unlocked

Thursday January 14, 2021 2:51 am PST by
All iPhone 12 and iPhone 12 Pro models purportedly have a hidden reverse wireless charging feature, according to an FCC filing. The feature has not yet been activated, but could yet be unlocked for an upcoming Apple accessory. The FCC filing suggests that iPhone 12 models contain the hardware for Wireless Power Transfer (WPT) to accessories: In addition to being able to be charged by a...
Top Stories 43 Feature

Top Stories: MacBook Pro, iMac, Mac Pro, and iPhone Rumors, Best of CES 2021

Saturday January 16, 2021 6:00 am PST by
This week was sure a busy one in the Apple world, with a flurry of announcements out of CES early in the week followed by a rash of Mac- and iPhone-related rumors later in the week. The new rumors this week included details on updated MacBook Pro, iMac, and Mac Pro models, as well as a few other tidbits, so make sure to read on below to get caught up! Kuo: New MacBook Pro Models to...
foldable iPhone concept feature

Apple Testing In-Display Fingerprint Sensor for iPhone 13, Foldable iPhone Also in the Works

Friday January 15, 2021 1:46 pm PST by
Apple has started "early work" on an iPhone that has a foldable display, according to a new report from Bloomberg's Mark Gurman. Though testing of a foldable iPhone has begun, Apple has not committed to releasing a device that has a foldable display. Development has not yet expanded beyond a display and Apple does not have full foldable iPhone prototypes in its labs. Like foldable...
16inchmacbookpromain

Kuo: New MacBook Pro Models to Feature Flat-Edged Design, MagSafe, No Touch Bar and More Ports

Thursday January 14, 2021 9:32 pm PST by
Apple is working on two new MacBook Pro models that will feature significant design changes, well-respected Apple analyst Ming-Chi Kuo said today in a note to investors that was obtained by MacRumors. According to Kuo, Apple is developing two models in 14 and 16-inch size options. The new MacBook Pro machines will feature a flat-edged design, which Kuo describes as "similar to the iPhone 12" ...
macbook pro flexgate

Apple Extends 13-Inch MacBook Pro Backlight Repair Program

Sunday January 17, 2021 10:31 am PST by
Apple this week extended its worldwide 13-inch MacBook Pro Display Backlight Service Program, authorizing coverage for eligible notebooks for up to five years after the original purchase date or up to three years after the start date of the program, whichever is longer. The previous cutoff was four years after the original purchase date. Apple launched the program on May 21, 2019 after...
iphone x camera close

iOS 14.4 Will Introduce Warning on iPhones With Non-Genuine Cameras

Thursday January 14, 2021 8:07 am PST by
In the second beta of iOS 14.4 seeded to developers and public testers this week, MacRumors contributor Steve Moser has discovered code indicating that Apple will be introducing a new warning on iPhones that have had their camera repaired or replaced with aftermarket components rather than genuine Apple components. "Unable to verify this iPhone has a genuine Apple camera," the message will...
Apple TV Ray Light 2 Triad

Apple Extends Free Apple TV+ Trials Until July

Friday January 15, 2021 10:50 am PST by
Apple is once again planning to extend its free Apple TV+ trial subscriptions, this time until July. When Apple TV+ launched in November 2019, Apple offered free Apple TV+ subscriptions to those who purchased a new Apple device in or after September 2019. Those free subscriptions were set to expire in November 2020, but in October 2020, Apple announced that it was extending free trials...
mac pro mini feature

Apple Working on Two New Mac Pro Desktops, One of Which Will Be Reminiscent of Power Mac G4 Cube

Friday January 15, 2021 10:23 am PST by
Apple is developing two versions of the Mac Pro to succeed the Mac Pro that was first released in December 2019, according to a new report from Bloomberg. The first updated Mac Pro is a direct successor to the current Mac Pro and it will use the same design. It may also be equipped with Intel processors rather than Apple silicon chips, and it could be one of the sole machines in the Mac...
macbook pro magsafe

MagSafe is Coming Back to the Mac: A Look Back at Apple's Original Magnetic Charging Technology

Friday January 15, 2021 12:16 pm PST by
Surprise late night rumors last night provided us with our first in-depth look at what we can expect from the new MacBook Pro models that are coming in 2021, and there are some significant changes in the works. Along with additional ports, a new flat-edged design, and the removal of the Touch Bar, Apple's updated MacBook Pro machines will readopt MagSafe. MagSafe in the 2021 MacBook Pro...