
Evernote forced to reset user passwords after security scare


Web application Evernote has been forced to reset 50 million passwords after it discovered and blocked suspicious activity on its network.

In a blog post, the company said that this was "a coordinated attempt to access secure areas of the Evernote Service" and that, although no stored or payment information was accessed, it has implemented a password reset as a precaution.

It said: “The investigation has shown, however, that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords. Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (In technical terms, they are hashed and salted.)

“While our password encryption measures are robust, we are taking additional steps to ensure that your personal data remains secure. This means that, in an abundance of caution, we are requiring all users to reset their Evernote account passwords.”

Following recent events, Evernote said that it takes its responsibility to keep users' data safe very seriously, and that it is "constantly enhancing the security of our service infrastructure to protect Evernote and your content".

“We apologise for the annoyance of having to change your password, but, ultimately, we believe this simple step will result in a more secure Evernote experience,” it said.

In a blog post, security blogger Mark Percival said that Evernote has often failed when it comes to security. It failed to deliver two-factor authentication, which was promised six months ago, and uses 64-bit RC2 for encrypting notes.

Ross Brewer, vice president and managing director of international markets at LogRhythm, said: “It's disappointing to think that as an industry, it seems very few lessons have been learned since then – organisations of all sizes are still relying all too heavily on traditional point security tools such as encryption and anti-virus solutions, which have repeatedly proven their limitations.

“With cyber attacks becoming increasingly frequent and sophisticated, today's organisations must be constantly aware of the evolving cyber threat - ditching the common and outdated reactive approach to security – if they are to have any hope at protecting themselves. As such, companies need to start introducing mechanisms that give context to data and facilitate a deeper understanding of all network activity in real-time.

“To truly learn from these high-profile breaches, organisations need to deploy mechanisms for proactive, continuous monitoring of IT networks to ensure that even the smallest anomaly can be detected before it becomes a bigger problem for all. Only then will they gain that critical level of insight needed to effectively address data breaches.”
