[News] Evernote has been hacked and forces you to reset your password

Evernote, a suite of software and services designed for note-taking and archiving, had announced early this morning (NZ time) that it had been hacked. It first noticed something strange on March 1st. Evernote has accessed the damage and has announced that customers’ email, username and password were exploited in the hack. It now joins Twitter, Apple, and Facebook on the list of tech companies hacked in recent weeks, also by malicious activity.

Evernote is now requiring its users of about 50 million, to reset their passwords after the popular personal note-taking app became the victim of the latest “hacking scheme.”

Evernote has said on a statement posted on their website that

“Evernote has discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service. As a precaution to protect your data, we have decided to implement a password reset.”

The hackers had managed to access usernames, email addresses and encrypted passwords, but no payment details were accessed. Although it will take some time for the hackers to decrypt the passwords, Evernote has taken extra security precautions by adding in a password reset for everyone. To accommodate this, the company is also releasing app updates. Changes to passwords will need to be made across all Evernote apps that you may use, including Evernote Food, Evernote Hello, and Evernote Business.

A spokesperson tells TechCrunch the following:

On February 28th, the Evernote Operations & Security team became aware of unusual and potentially malicious activity on the Evernote service that warranted a deeper look. We discovered that a person or persons had gained access to usernames, email addresses and encrypted user passwords. In our ongoing analysis, we have found no evidence that there has been unauthorized access to the contents of any user account or to any payment information of Evernote Premium and Evernote Business customers.

The company claims they’ve found no evidence of user content being modified in any way, or lost, nor that payment info had been accessed by the hackers.

Comments