The site will also be releasing updates to several of their apps to help ease this password change process. Users can reset their Evernote account passwords by signing in then following the automated prompt. Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (For a more detailed explanation of the techniques, see Ars Security Editor Dan Goodin's feature "Why passwords have never been weaker-and crackers never been stronger.") Despite the precaution, Evernote's decision to reset all the passwords remains a necessary precaution. The investigation has shown, however, that the individual (s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts, and encrypted passwords. Do it using this free tool to find and help you remove exposed passwords, credit cards, bank and social security numbers in your email account, and keeping you safe. Start by checking if your email account has been hacked because most hacks start within your email. That can buy a security team time in the hours or days following the discovery of a breach. If your Evernote was hacked, there’s a good chance your email was too. "(In technical terms, they are hashed and salted.)"Įvernote's decision to cryptographically hash and salt this information is important in the wake of this digital break-in, because the technique makes the information slightly more time-consuming to crack. "Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption," the statement noted.
However, Evernote warned that user information-including usernames, cryptographically protected passwords, and e-mail addresses-were accessed. The advisory also stated that payment information wasn't accessed. In a security notice published Saturday, Evernote said the precautionary password reset came after an investigation found no evidence of any stored content being accessed, changed, or lost. Evernote is requiring each of its 50 million users to reset their login credentials after the site's security team detected a security breach that exposed password data and other personal information.