Evernote Issues Service-Wide Password Reset Over Security Breach

Evernote has issued a service-wide password reset as a precaution for its entire user base this morning after it was discovered hackers had attempted to access secure parts of their servers. The infiltrators were able to gain access to user information such as usernames, emails and encrypted passwords.

According to the Evernote blog:

In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost. We also have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed.

The investigation has shown, however, that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords. Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (In technical terms, they are hashed and salted.)

While our password encryption measures are robust, we are taking additional steps to ensure that your personal data remains secure. This means that, in an abundance of caution, we are requiring all users to reset their Evernote account passwords. Please create a new password by signing into your account on evernote.com.

Evernote’s CEO and founder Phil Libin told TechCrunch no data or payment details were accessed:

“We just pushed out a password reset, so the servers are going to be saturated for a bit,” he wrote. “Everything is up, although response is choppy. There’s no threat to user data that we’re aware of.”

A spokesperson said the breach was first discovered on February 28th. Looks like now would be a good time to change your password, along with almost 50 million other Evernote users.