Evernote resets passwords for all users: Security breach

Almost every big service on the web is getting hit by hackers who are trying to hack into popular web services. Some of the major services that got hit recently include big organizations, including Twitter, Apple, Microsoft, Facebook and Oracle (with their Java platform). Today, it is turn of Evernote to report a similar security breach.

evernote_logo

Good News First

Evernote today announced a similar attempt by hackers to their popular service. The good news about this security breach or attempted security breach is that hackers were unable to neither access, change or delete any of the user’s stored content  nor any payment information for Evernote Premium or Evernote Business customers.

Bad News

But the bad news is that  the hackers were able to gain access to data like Evernote user information, which includes

  • usernames,
  • email addresses associated with Evernote accounts and
  • encrypted passwords (Even though the passwords stored by Evernote are protected by one-way encryption i.e. they are hashed and salted.)

What Now

As a security measure, Evernote is resetting passwords of all users and you should be recieving a email about it soon with instructions on how to reset. In fact, if you try to login now, you will be prompted to reset your password after logging in. I was able to login with my old password and the password reset option came after that.

Evernote Password reset

It would have been better, if they had reset the old password (totally disabling the old password) as password reset was possible with old password which means all Evernote accounts old passwords are still valid.

Update:

Evernote just pushed a update to its Android App (v 4.5.5 now) in Google Playstore which addresses this security issue that requires you to reset your password.

0 comments… add one

Leave a Comment