Web-based note-sharing service Evernote issued a security notice warning users of â€œsuspicious activityâ€ in their network that resulted in the exposure of usernames, cryptographically protected passwords, and e-mail addresses.
No evidence of data tampering was discovered, and Evernote emphasized that no user payment information was exposed. By issuing a precautionary password reset notice to all its 50 million users, Evernote hopes to avoid any user account breaches that might follow.
â€œIn our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost,â€ said the Evernote Team. We also have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed.â€
While Evernoteâ€™s passwords were cryptographically protected â€“ hashed and salted â€“ cracking them, although time-consuming, could eventually be done. Although the nature of the security breach was not detailed, the company could still be investigating.
Acknowledging that hacking activities on large services are becoming common, the company reassured users theyâ€™re constantly improving security to better protect personal and sensitive data. The Evernote Team issued three simple tips on how to create a powerful password, and apologized for the inconvenience by saying that resetting everyoneâ€™s password is the only way to make sure no account gets compromised.
â€œThere are also several important steps that you can take to ensure that your data on any site, including Evernote, is secure:
-Â Â Â Â Â Â Â Â Â Avoid using simple passwords based on dictionary words
-Â Â Â Â Â Â Â Â Â Never use the same password on multiple sites or services
-Â Â Â Â Â Â Â Â Â Never click on â€˜reset passwordâ€™ requests in emails â€” instead go directly to the service
Thank you for taking the time to read this. We apologize for the annoyance of having to change your password, but, ultimately, we believe this simple step will result in a more secure Evernote experience.â€