Evernote is hacked, claims user data 'should' be safe
I am sure I am not alone when I say that Evernote is one of my favorite services. It makes life so much easier -- I can write a note on my PC and then see it on my phone when I am out. I can add an item to a shopping list and it appears on my wife's phone while she is in the store. There are all sorts of cool possibilities. But, if you visit the service today then you may be in for a bit of a surprise.
When you try to log into the site you will be taken to a prompt that asks you to please change your password -- no you did not enter your login credentials wrong. The service announced this morning that it was hacked. Dave Engberg of Evernote posted the bad news, while also trying to reassure customers that there is really nothing to worry about and that the password change is simply precautionary.
"Evernote’s Operations & Security team has discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service".
Engberg goes on to assure "in our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost. We also have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed".
However, the company did find that the attackers were able to gain access to Evernote user information, which includes usernames, email addresses associated with accounts and also encrypted passwords. Engberg continues to resassure: "Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption". The company claims that it is only forcing users to change current passwords as a measure of extra security.
The announcement wraps up with the usual plea to users about secure passwords -- do not use dictionary words, never use the same password on multiple sites, and the other warnings generally associated with these events.
Upon hearing this news, I immediately visited my own account and, sure enough, was prompted to change my password. I store nothing of importance there -- the hackers are welcome to my family's grocery list. I would ask them only to buy some of it for us if, for some reason, they did gain access.