Evernote is requiring its nearly 50 million users to reset their passwords after the popular personal note-taking app became the latest high-profile victim of wide-scale hacking attempts. The breach follows malicious activity at Twitter, Facebook and others in recent weeks.
Phil Libin, Evernote’s CEO and founder, told TechCrunch in an email everything is running, although if you try to access the site things may not work as normal at the moment: “We just pushed out a password reset, so the servers are going to be saturated for a bit,” he wrote. “Everything is up, although response is choppy. There’s no threat to user data that we’re aware of.”
In a blog post, the company said that “individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords,” but that no payment details were accessed.
“We don’t store any user payment info, so no payment info can be compromised,” Libin told TechCrunch. Asked if this was in any way connected to what happened at Zendesk the other week (that breach affected several other sites), he said that is not yet know. “We don’t know about all the details at Zendesk, so it’s premature to comment on that.”
A spokesperson tells us that the suspicious activity was first noticed a couple of days ago, on February 28:
On February 28th, the Evernote Operations & Security team became aware of unusual and potentially malicious activity on the Evernote service that warranted a deeper look. We discovered that a person or persons had gained access to usernames, email addresses and encrypted user passwords. In our ongoing analysis, we have found no evidence that there has been unauthorized access to the contents of any user account or to any payment information of Evernote Premium and Evernote Business customers.
The spokesperson says that in addition to the blog, the company is sending out direct emails and social media.
“[We] encourage any user with questions or concerns to contact Evernote support directly,” she said.
Changes to passwords will need to be made across all Evernote apps that you may use, including Evernote Food, Evernote Business, and Evernote Hello.
With news of data breaches now happening on a regular basis, it remains to be seen what kind of an impact these breaches are going to have of overall consumer confidence of these services — the question is whether users will become desensitized to the idea, or whether they will turn away from them for more seemingly secure pastures. The fact that they continue to happen certainly does put a dark lining around some of the optimism we’ve seen about the evolution and promises of putting our life in the cloud.
Evernote allows users to capture, organize, and find information across multiple platforms. Users can take notes, clip webpages, snap photos using their mobile phones, create to-dos, and record audio. All data is synchronized with the Evernote web service and made available to clients on Windows, Mac, Web, and mobile devices. Additionally, the Evernote web service performs image recognition on all incoming notes, making printed or handwritten text found within images searchable.