Evernote, the popular cross-platform note taking and sharing app, has issued a statement about some recent "suspicious activity on the Evernote network". All users will have to change their password, and it seems that user names, and other data that includes the encrypted version of passwords has been accessed. In a letter sent out to users, Evernote says the following:
The investigation has shown, however, that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts, and encrypted passwords. Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (In technical terms, they are hashed and salted.)
While our password encryption measures are robust, we are taking steps to ensure your personal data remains secure. This means that in an abundance of caution, we are requiring all users to reset their Evernote account passwords. Please create a new password by signing into your account on evernote.com.
After signing in, you will be prompted to enter your new password. Once you have reset your password on evernote.com, you will need to enter this new password in other Evernote apps that you use. We are also releasing updates to several of our apps to make the password change process easier, so please check for updates over the next several hours.
As we've seen recently, there's a rash of coordinated attempts to hack the big players in online services. Hopefully Evernote's encryption methods are solid, but having users change their password at log in is a great way to keep everyone safe. Visit Evernote's blog for more information.
- Filed under: