Evernote, the popular cloud-based note-taking service, has just been hacked. The company reportedly saw network traffic that looked suspicious and caused them to force a mass reset of passwords. The company has confirmed that hashed and salted passwords were leaked as well as usernames and email addresses. However, the company confirmed that no credit card numbers were leaked.
We’ve embedded Evernote’s email to users below:
The investigation has shown, however, that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts, and encrypted passwords. Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (In technical terms, they are hashed and salted.)
While our password encryption measures are robust, we are taking steps to ensure your personal data remains secure. This means that in an abundance of caution, we are requiring all users to reset their Evernote account passwords. Please create a new password by signing into your account on evernote.com.
After signing in, you will be prompted to enter your new password. Once you have reset your password on evernote.com, you will need to enter this new password in other Evernote apps that you use. We are also releasing updates to several of our apps to make the password change process easier, so please check for updates over the next several hours.
Remember, if any of your other online accounts share the same password as your Evernote account, make sure to change those passwords as well. For the future, make sure to never use the same password across accounts that share the same username and email address. We’d highly recommend using a password manager such as 1Password as well for added security.
Image Credit: Heisenberg Media
