Evernote recently announced that it has been victim of the hack frenzy which has been around for quite some time targeting major websites and media companies in the US. As a security precaution, the company has performed a password reset which affects practically all users on the service.
While the official Evernote blog states that no user content stored online was compromised deleted or modified, the people responsible were able to get their hands on certain information like usernames, email addresses associated with accounts and encrypted passwords. On the bright side, the details stolen are protected by one-way encryption which means that they are hashed and salted. Also, payment information for the Premium and Business services are intact with no evident leaks.
The hack was identified during a security investigation where suspicious activity was discovered on the network attempting to breach secure areas. Nevertheless, the attack was blocked. The company claims that their current password encryption is strong, but as a precaution all account will be reset. On signing in from the company’s website, users will be prompted to change their password in order to access their content. To simplify the process, various updates have been released for the mobile applications where the reset procedure can be carried out as well.
A few guidelines have been provided to assist users in creating a robust letter combination. The steps include creating a password that’s complicated and not based on simple dictionary words, prevent maintaining the same combination for different websites and services and lastly, never choose to reset an account through email. Instead, head over to the sign in page and choose the option from there.
Back in early February, Twitter announced that it had fallen victim of an attack. The servers were breached and the SNS managed to block the unauthorized soon. However, approximately 250,000 usernames, email addresses, session tokens and passwords were taken in the meantime. The company stated that all data stolen were encrypted. Twitter wasn’t alone as 2 weeks later, Facebook disclosed that it was hacked as well in January. The social network asserted that no user data was compromised and the sophisticated attack was put to a stop before any information got leaked.
The Evernote team has also sent out an apology for the hassle users will have to endure, but states that the decision will result in a more secure experience.