Evernote hacked: 50 million passwords reset (Update)

Mar 03, 2013

Online note-taking service Evernote Corp. has been hacked and is resetting all its 50 million users' passwords as a precaution.

The Redwood City, California-based company said in a post published late Saturday that an attacker had been able to access sensitive customer information and that every user would have their account reset "in an abundance of caution." In a follow-up email sent Sunday, the company said it believed the attack "follows a similar pattern of the many high profile attacks on other internet-based companies that have taken place over the last several weeks"—an apparent reference of recent breaches at Facebook Inc., Twitter Inc., and Apple Inc.

However the company said the attack did not appear to be linked to Java, a commonly used computer programming language whose weaknesses have been used as springboards for other recent hacks.

Evernote said the attack, which it described as "sophisticated," was able to compromise an unspecified number of customers' encrypted passwords. Decoding such passwords can be difficult but possible.

The company said it has seen no evidence that any customer data had been tampered with or that any payment information had been compromised.

Explore further: Shazam breaks 100 million monthly user mark

5 /5 (1 vote)
add to favorites email to friend print save as pdf

Related Stories

Social site Formspring hacked, passwords disabled

Jul 11, 2012

(AP) — Social networking site Formspring said Tuesday that it was disabling nearly 30 million registered users' passwords after hundreds of thousands of them were leaked to the Web in their encrypted form.

Consumers urged to be vigilant in wake of Zappos cyberattack

Jan 18, 2012

(PhysOrg.com) -- As an estimated 24 million Zappos.com customers begin receiving notifications that some of their personal data have been compromised in a massive cyberattack, an Indiana University cybersecurity expert is warning t ...

Online passwords are insecure: study

Apr 03, 2012

Online passwords are so insecure that one per cent can be cracked within 10 guesses, according to the largest ever sample analysis.

Password breach spreads beyond LinkedIn

Jun 07, 2012

More websites admitted security breaches Thursday after LinkedIn said some of its members' passwords were stolen, and experts warned of email scams targeting users of the social network. ...

Recommended for you

Twitter tries to block images of Foley killing

14 hours ago

Twitter and some other social media outlets are trying to block the spread of gruesome images of the beheading of journalist James Foley by Islamic State militants, while a movement to deny his killers publicity ...

New generation is happy for employers to monitor them on social media

14 hours ago

Will employers in the future watch what their staff get up to on social media? Allowing bosses or would-be employers a snoop around social media pages is a growing trend in the US, and now a new report from PricewaterhouseCoopers and the Said Business School suggest ...

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

ScienceDave
5 / 5 (1) Mar 03, 2013
I'd be curious to know *how* this breach occured. Did someone forget to close a port? Was security deferred to favor usability as is so often the case? Or is the shameful truth that 48,999 of their subscribers had "password" or "12345" as their password.

I know it's embarrassing. We (security folks) all work so hard to make sure we bolted all the doors and locked all the windows. Unless sensationalism is all your after, it'd be extremely helpful to know how the breach was done.