Almost every big service on the web is getting hit by hackers who are trying to hack into popular web services. Some of the major services that got hit recently include big organizations, including Twitter, Apple, Microsoft, Facebook and Oracle (with their Java platform). Today, it is turn of Evernote to report a similar security breach.
Good News First
Evernote today announced a similar attempt by hackers to their popular service. The good news about this security breach or attempted security breach is that hackers were unable to neither access, change or delete any of the user’s stored content nor any payment information for Evernote Premium or Evernote Business customers.
But the bad news is that the hackers were able to gain access to data like Evernote user information, which includes
- email addresses associated with Evernote accounts and
- encrypted passwords (Even though the passwords stored by Evernote are protected by one-way encryption i.e. they are hashed and salted.)
As a security measure, Evernote is resetting passwords of all users and you should be recieving a email about it soon with instructions on how to reset. In fact, if you try to login now, you will be prompted to reset your password after logging in. I was able to login with my old password and the password reset option came after that.
It would have been better, if they had reset the old password (totally disabling the old password) as password reset was possible with old password which means all Evernote accounts old passwords are still valid.