Evernote hacked: 50 million passwords reset (Update)

March 3, 2013

Online note-taking service Evernote Corp. has been hacked and is resetting all its 50 million users' passwords as a precaution.

The Redwood City, California-based company said in a post published late Saturday that an attacker had been able to access sensitive customer information and that every user would have their account reset "in an abundance of caution." In a follow-up email sent Sunday, the company said it believed the attack "follows a similar pattern of the many high profile attacks on other internet-based companies that have taken place over the last several weeks"—an apparent reference to recent breaches at Facebook Inc., Twitter Inc., and Apple Inc.

However, the company said the attack did not appear to be linked to Java, a commonly used computer programming language whose weaknesses have been used as springboards for other recent hacks.

Evernote said the attack, which it described as "sophisticated," was able to compromise an unspecified number of customers' encrypted passwords. Decoding such passwords can be difficult, but it is possible.

The company said it has seen no evidence that any customer data had been tampered with or that any payment information had been compromised.


1 comment

5 / 5 (1) Mar 03, 2013
I'd be curious to know *how* this breach occurred. Did someone forget to close a port? Was security deferred to favor usability as is so often the case? Or is the shameful truth that 48,999 of their subscribers had "password" or "12345" as their password?

I know it's embarrassing. We (security folks) all work so hard to make sure we bolted all the doors and locked all the windows. Unless sensationalism is all you're after, it'd be extremely helpful to know how the breach was done.
