Evernote, the popular notetaking and archiving app, has announced on its official blog that its team has detected a coordinated attack to gain access to its servers. In an effort to preempt any attempt to retrieve user passwords, the team has decided to reset all of their users’ passwords, forcing them to make new ones before proceeding to use the service.
Evernote emphasizes that no user information, including payment information of Evernote Premium and Evernote Business customers, were accessed or altered. “The investigation has shown, however, that the (suspected hackers) were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords,” they add.
But if ever attackers are able to access the app’s user information, Evernote assures its customers that their passwords are “hashed and salted.” It means that the passwords are protected by one-way encryption, making them useless for hackers .
The measure took many Evernote users by surprise. Some were even suspicious that, because they did not read the notices posted on Evernote’s blog and other channels, the password reset could be a phishing attack.
Evernote also says updates will be released as soon as possible to address the attack. The team also advise the app’s users to keep their passwords secure, such as never use dictionary terms for passwords and never click on “reset password” resets on emails (especially if you did not ask for it).
Source: Evernote, via Information Week
