clock menu more-arrow no yes

Filed under:

Evernote resets all passwords after user information is stolen in security breach

New, 154 comments
Evernote 5.0 for iOS
Evernote 5.0 for iOS

Popular note-taking service Evernote has reset all user passwords after information including usernames, email addresses, and encrypted passwords was stolen in a security breach. A warning on the service's official blog — which experienced loading problems soon after being posted — emphasises that no content was either "accessed, changed, or lost," but advises users that they will be prompted to choose a new password next time they log in, and provides advice on selecting a secure word or phrase.

The passwords taken in the breach were both hashed and salted, meaning that they should be protected from all but the most dedicated cracking attempts, but the blog post does not explain which encryption algorithm was used. According to an email from Evernote, "unusual and potentially malicious activity" was first detected by the company's security team on February 28th. Evernote plans to release updates to its native apps for various platforms "over the next several hours" in an attempt to smooth out the password reset process for all users.