Evernote hacked: 50 million passwords reset (Update)

Mar 03, 2013

Online note-taking service Evernote Corp. has been hacked and is resetting all its 50 million users' passwords as a precaution.

The Redwood City, California-based company said in a post published late Saturday that an attacker had been able to access sensitive customer information and that every user would have their account reset "in an abundance of caution." In a follow-up email sent Sunday, the company said it believed the attack "follows a similar pattern of the many high profile attacks on other internet-based companies that have taken place over the last several weeks"—an apparent reference of recent breaches at Facebook Inc., Twitter Inc., and Apple Inc.

However the company said the attack did not appear to be linked to Java, a commonly used computer programming language whose weaknesses have been used as springboards for other recent hacks.

Evernote said the attack, which it described as "sophisticated," was able to compromise an unspecified number of customers' encrypted passwords. Decoding such passwords can be difficult but possible.

The company said it has seen no evidence that any customer data had been tampered with or that any payment information had been compromised.

Explore further: Fitbit to Schumer: We don't sell personal data

5 /5 (1 vote)
add to favorites email to friend print save as pdf

Related Stories

Social site Formspring hacked, passwords disabled

Jul 11, 2012

(AP) — Social networking site Formspring said Tuesday that it was disabling nearly 30 million registered users' passwords after hundreds of thousands of them were leaked to the Web in their encrypted form.

Consumers urged to be vigilant in wake of Zappos cyberattack

Jan 18, 2012

(PhysOrg.com) -- As an estimated 24 million Zappos.com customers begin receiving notifications that some of their personal data have been compromised in a massive cyberattack, an Indiana University cybersecurity expert is warning t ...

Online passwords are insecure: study

Apr 03, 2012

Online passwords are so insecure that one per cent can be cracked within 10 guesses, according to the largest ever sample analysis.

Password breach spreads beyond LinkedIn

Jun 07, 2012

More websites admitted security breaches Thursday after LinkedIn said some of its members' passwords were stolen, and experts warned of email scams targeting users of the social network. ...

Recommended for you

US warns shops to watch for customer data hacking

2 hours ago

The US Department of Homeland Security on Friday warned businesses to watch for hackers targeting customer data with malicious computer code like that used against retail giant Target.

Fitbit to Schumer: We don't sell personal data

16 hours ago

The maker of a popular line of wearable fitness-tracking devices says it has never sold personal data to advertisers, contrary to concerns raised by U.S. Sen. Charles Schumer.

Should you be worried about paid editors on Wikipedia?

20 hours ago

Whether you trust it or ignore it, Wikipedia is one of the most popular websites in the world and accessed by millions of people every day. So would you trust it any more (or even less) if you knew people ...

How much do we really know about privacy on Facebook?

22 hours ago

The recent furore about the Facebook Messenger app has unearthed an interesting question: how far are we willing to allow our privacy to be pushed for our social connections? In the case of the Facebook ...

Philippines makes arrests in online extortion ring

22 hours ago

Philippine police have arrested eight suspected members of an online syndicate accused of blackmailing more than 1,000 Hong Kong and Singapore residents after luring them into exposing themselves in front of webcam, an official ...

Google to help boost Greece's tourism industry

Aug 21, 2014

Internet giant Google will offer management courses to 3,000 tourism businesses on the island of Crete as part of an initiative to promote the sector in Greece, industry union Sete said on Thursday.

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

ScienceDave
5 / 5 (1) Mar 03, 2013
I'd be curious to know *how* this breach occured. Did someone forget to close a port? Was security deferred to favor usability as is so often the case? Or is the shameful truth that 48,999 of their subscribers had "password" or "12345" as their password.

I know it's embarrassing. We (security folks) all work so hard to make sure we bolted all the doors and locked all the windows. Unless sensationalism is all your after, it'd be extremely helpful to know how the breach was done.