Evernote is hacked and passwords are stolen


After many famous companies admitted that they had been hacked, it is now the turn of Evernote, the market leader in note-taking apps. In a post on the official blog, the developers revealed that they “discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service.”

Though the developers maintain that no accounts or information were compromised, they have made it mandatory for users to change their passwords. So if you use Evernote, it is best to log in and change your password as soon as possible. Note that you cannot change your password from within an Evernote app — you must do it directly from Evernote.com.

It looks like Evernote’s defenses were compromised sometime last week, though the developers have staunchly maintained that no financial information was compromised and that passwords are safe since they were hashed and salted rather than stored in plain text. We still don’t know how the hacker gained access.


As always the company reminds you to:

  • Avoid using simple passwords based on dictionary words.
  • Never use the same password on multiple sites or services.
  • Never click on “reset password” requests in emails — instead, go directly to the service.

The California-based company is not alone in this mess. As I just mentioned, this comes in the wake of many high-profile companies like Apple, Twitter, Microsoft, and NBC.com being hacked. Security breaches, it seems, are becoming more and more common. What are your opinions on this sudden rise in attacks? Do comment.

[via Evernote]

  • Bub

    Also, kudos to Evernote for properly hashing and salting passwords. As you may remember, this was LinkedIn’s mistake; they didn’t bother to salt their passwords, making their database far more vulnerable to a brute-force attack.

  • jayesstee

    [@jayesstee] “attemptes” should be “attempted”
    Can’t wait for Ashraf to fix the edit function!

  • jayesstee

    [@Tom] Yep I agree, Evernote’s reaction was professional and timely.
    Is there a sharp rise in these attacks? Or are the site owners becoming more savvy and/or honest with their clients?
    Ten years (or so) ago the pundits were telling the politicians that ‘information’ would be the commodity of the future, implying that it would be valuable. Anything valuable is open to attemptes theft!

  • Tom

    Kudos to Evernote for proactively resetting passwords. Unfortunately I didn’t receive their email notice, but after futzing around with my desktop app, I went to the web interface and found out what had happened.