Evernote hacked: Why you need to reset your password

Yesterday it was reported that Evernote the popular Web-based note-sharing service, had admitted that it had faced a possible security breach and  was asking nearly 50 million users to reset their passwords.

According to the Evernote blog,

In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost. We also have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed.

As a precaution to protect your data, we have decided to implement a password reset. Please read below for details and instructions.

The blog also notes that even though hackers got access to the personal information of Evernote users, which includes passwords, the password themselves were protected by one-way encryption, i.e. they were hashed and salted.

It seems that as an extra security measure, Evernote is asking all users to reset their Evernote account passwords. To create a new one, go toevernote.com

Evernote has also asked users to follow some basic rules when it comes to creating a new password.

• Avoid using simple passwords based on dictionary words.
• Never use the same password on multiple sites or services.
• Never click on ‘reset password’ requests in emails — instead go directly to the service.

Evernote joins Facebook, Apple, Microsoft and Twitter who all recently revealed attack attempts. In all cases, the companies insisted that no user information was compromised.

firstpost