Evernote hacked: 50 million passwords reset (Update)


Online note-taking service Evernote Corp. has been hacked and is resetting all its 50 million users' passwords as a precaution.

The Redwood City, California-based company said in a post published late Saturday that an attacker had been able to access sensitive customer information and that every user would have their account reset "in an abundance of caution." In a follow-up email sent Sunday, the company said it believed the attack "follows a similar pattern of the many high profile attacks on other internet-based companies that have taken place over the last several weeks"—an apparent reference to recent breaches at Facebook Inc., Twitter Inc., and Apple Inc.

However, the company said the attack did not appear to be linked to Java, a commonly used computer programming language whose weaknesses have been used as springboards for other recent hacks.

Evernote said the attack, which it described as "sophisticated," was able to compromise an unspecified number of customers' encrypted passwords. Decoding such passwords can be difficult but is possible.

The company said it has seen no evidence that any customer data had been tampered with or that any payment information had been compromised.



Copyright 2013 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Citation: Evernote hacked: 50 million passwords reset (Update) (2013, March 3) retrieved 14 October 2019 from https://phys.org/news/2013-03-evernote-hacked-million-passwords-reset.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.


User comments

Mar 03, 2013
I'd be curious to know *how* this breach occurred. Did someone forget to close a port? Was security deferred to favor usability as is so often the case? Or is the shameful truth that 48,999 of their subscribers had "password" or "12345" as their password?

I know it's embarrassing. We (security folks) all work so hard to make sure we bolted all the doors and locked all the windows. Unless sensationalism is all you're after, it'd be extremely helpful to know how the breach was done.
