Evernote hacked: 50 million passwords reset (Update)

Mar 03, 2013

Online note-taking service Evernote Corp. has been hacked and is resetting all its 50 million users' passwords as a precaution.

The Redwood City, California-based company said in a post published late Saturday that an attacker had been able to access sensitive customer information and that every user would have their account reset "in an abundance of caution." In a follow-up email sent Sunday, the company said it believed the attack "follows a similar pattern of the many high profile attacks on other internet-based companies that have taken place over the last several weeks"—an apparent reference of recent breaches at Facebook Inc., Twitter Inc., and Apple Inc.

However the company said the attack did not appear to be linked to Java, a commonly used computer programming language whose weaknesses have been used as springboards for other recent hacks.

Evernote said the attack, which it described as "sophisticated," was able to compromise an unspecified number of customers' encrypted passwords. Decoding such passwords can be difficult but possible.

The company said it has seen no evidence that any customer data had been tampered with or that any payment information had been compromised.

Explore further: Most internet anonymity software leaks users' details

0 shares

Related Stories

Social site Formspring hacked, passwords disabled

Jul 11, 2012

(AP) — Social networking site Formspring said Tuesday that it was disabling nearly 30 million registered users' passwords after hundreds of thousands of them were leaked to the Web in their encrypted form.

Consumers urged to be vigilant in wake of Zappos cyberattack

Jan 18, 2012

(PhysOrg.com) -- As an estimated 24 million Zappos.com customers begin receiving notifications that some of their personal data have been compromised in a massive cyberattack, an Indiana University cybersecurity expert is warning t ...

Online passwords are insecure: study

Apr 03, 2012

Online passwords are so insecure that one per cent can be cracked within 10 guesses, according to the largest ever sample analysis.

Password breach spreads beyond LinkedIn

Jun 07, 2012

More websites admitted security breaches Thursday after LinkedIn said some of its members' passwords were stolen, and experts warned of email scams targeting users of the social network. ...

Recommended for you

New approach to online compatibility

18 hours ago

Many of the online social networks match users with each other based on common keywords and assumed shared interests based on their activity. A new approach that could help users find new friends and contacts with a greater ...

Most internet anonymity software leaks users' details

Jun 29, 2015

Virtual Private Networks (VPNs) are legal and increasingly popular for individuals wanting to circumvent censorship, avoid mass surveillance or access geographically limited services like Netflix and BBC ...

WikiLeaks says NSA spied on French business

Jun 29, 2015

WikiLeaks has released documents that it says show that the U.S. National Security Agency eavesdropped on France's top finance officials and high-stakes French export bids over a decade in what the group called targeted economic ...

Google gets extended deadline to answer EU case

Jun 29, 2015

Brussels has given Google an extension until mid-August to answer an anti-trust case alleging that the tech giant abuses its search engine's market dominance, a company spokesman said Monday.

Facebook opens first Africa office

Jun 29, 2015

Facebook announced Monday it had opened its first African office in Johannesburg as part of its efforts "to help people and businesses connect" on the continent.

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

ScienceDave
5 / 5 (1) Mar 03, 2013
I'd be curious to know *how* this breach occured. Did someone forget to close a port? Was security deferred to favor usability as is so often the case? Or is the shameful truth that 48,999 of their subscribers had "password" or "12345" as their password.

I know it's embarrassing. We (security folks) all work so hard to make sure we bolted all the doors and locked all the windows. Unless sensationalism is all your after, it'd be extremely helpful to know how the breach was done.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.