Almost every big service on the web is getting hit by hackers who are trying to hack into popular web services. Some of the major services that got hit recently includeÂ big organizations, including Twitter, Apple, Microsoft, Facebook and Oracle (with their Java platform). Today, it is turn of Evernote to report a similar security breach.
Good News First
Evernote today announced a similar attempt by hackers to their popular service. The good news about this security breach or attempted security breach is that hackers were unable to neitherÂ access, change or delete any of the user’s stored content Â nor any payment information for Evernote Premium or Evernote Business customers.
But the bad news is thatÂ Â the hackers were able to gain access to data likeÂ Evernote user information, which includes
- email addresses associated with Evernote accountsÂ and
- encrypted passwords (Even though theÂ passwords stored by Evernote are protected by one-way encryption i.e. they are hashed andÂ salted.)
As a security measure, Evernote is resetting passwords of all users and you should be recieving a email about it soon with instructions on how to reset. In fact, if you try to login now, you will be prompted to reset your password after logging in. I was able to login with my old password and the password reset option came after that.
It would have been better, if they had reset the old password (totally disabling the old password) as password reset was possible with old password which means all Evernote accounts old passwords are still valid.
Evernote just pushed a update to its Android App (v 4.5.5 now) in Google Playstore whichÂ addresses this security issue that requires you to reset your password.