

Evernote, the popular Internet-based note-taking service, has posted an advisory stating that it has been subject to a security breach that it believes allowed hackers to infiltrate and take usernames, associated e-mail addresses and encrypted passwords of its 50 million registered users.
In addition to the advisory, Evernote users will be asked to reset their passwords immediately, a heavy-handed but fitting precaution to keep users safe from potential harm. If you have not logged into your account since Friday, be sure to do so and get your password changed immediately.
“While our password encryption measures are robust,” writes Evernote in the advisory, “we are taking additional steps to ensure that your personal data remains secure. This means that, in an abundance of caution, we are requiring all users to reset their Evernote account passwords.”
Also in good form, Evernote stores passwords in a hashed and salted form, and that’s what attackers absconded with. In the past we’ve seen situations where attackers pilfered poorly encrypted passwords (as in LulzSec’s June 2011 rampage), and that leaves a multitude of users instantly vulnerable to attack against other services they might be subscribed to. However, even salted and hashed passwords can still be cracked; it will just take the attackers longer to do so. This gives crisis management time to allow users to get their passwords changed and squared away.
Evernote cautions users with standard security advice: avoid using simple dictionary-based passwords (to avoid cracking), never use the same password across multiple services (especially not with the same username/e-mail), and never click on “change password” from an e-mail; instead, go to the service itself and use its page directly (to avoid spear-phishing attempts).
These sorts of attacks by hackers have had the appearance of accelerating of late (with hits to services such as Twitter, LinkedIn, Instagram etc.), but by and large they’ve been at about the same base rate. Companies who get hacked have simply had the better sense of notifying their customers, LulzSec and others have made the activity famous by releasing publicly the fruits of their exploits, and the media has been shining a brighter light on the subject.