Evernote joins the notably hackable club
Password reset, so sorry, no customer data at risk
Evernote has joined the growing list of companies whose cloud-based services have suffered a serious security breach, announcing over the weekend that it had implemented a service-wide password reset after attackers accessed user information.
Happily, the company's announcement notes, the passwords accessed were salted hashes, which should mean they last longer than the passwords lifted from the Australian Broadcasting Corporation recently.
The user information accessed by the attackers also included user Ids and e-mail addresses.
All Evernote users were required to reset their passwords in case the attackers are able to recover passwords from the salted hashed list. The password reset will apply not only to Evernote logins, but to all apps that users have given access to their Evernote accounts.
Other major names to be hit in recent attacks include Apple, Facebook, Twitter and Microsoft, with a Java zero-day behind most of the vulnerabilities.
The company says the attack “appears to have been a coordinated attempt to access secure areas of the Evernote Service”.
The usual suggestion, that users choose strong passwords that they don't re-use, will no doubt be ignored by a small-but-significant number of Evernote's customers. ®
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Trusted Platform Module
- Zero trust