Evernote has reset all 50 million user passwords after it became the latest in a string of high profile technology firms to be hit by hackers.
Over the weekend, the popular personal organiser app said it had discovered and blocked suspicious activity on the network but have issued a service wide password reset for all users
The attack had allowed hackers to get access to user’s personal information. However, the company said it has seen no evidence that any customer data had been tampered with or that any payment information had been compromised.
In a post on Evernote’s official blog, the company said: “We have found no evidence that any of the content you store in Evernote was accessed, changed or lost.” Following this Evernote then go on to express that, “the investigation has shown, however, that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with the Evernote accounts and encrypted passwords.”
Evernote urges that although passwords were accessed, the company’s one way encryption means the attackers would have faced a difficult time uncovering the actual passwords.
Evernote lets users take quick notes and organise personal information from web pages. The company has an estimated 50 million users, all of which will now be prompted to reset their passwords.
In a follow-up email sent Sunday, the company said it believed the attack “follows a similar pattern of the many high profile attacks on other internet-based companies that have taken place over the last several weeks” — an apparent reference of recent breaches at Facebook, Twitter, and Apple.
However the company said the attack did not appear to be linked to Java, a commonly used computer programming language whose weaknesses have been used as springboards for other recent hacks.
The full notice has been sent out to all Evernote users but can be read here.
One Comment
Comments are closed.
what difference does it make whether they can get the passwords or not, if they have access to the database they already have access to everything in everyone’s accounts. Resetting passwords seems like a pointless exercise to make people feel better. In fact if you get into a database the simplest thing to do would be change everyone’s email address to something you have access to, then when the company send out blanket ‘change password’ emails you would have instant access to change all account passwords to something you do know.