In a post on Evernote's offical blog, the company said it has "discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service." While post author Dave Engberg said the company has "found no evidence that any of the content you store in Evernote was accessed, changed or lost," Evernote decided to require all users to reset their passwords.
Engberg explained that Evernote had "no evidence that any payment information" was stolen, but that usernames, email addresses and encrypted passwords were accessed. The encrypted passwords were both hashed and salted, Evernote said, so they should be very difficult to crack.
Nevertheless, in order to continue using their accounts, Engberg wrote, all users will have reset their passwords. That can be a hassle, of course, as many people use Evernote apps on multiple mobile devices as well as over the Web. Engberg said the company was working on app updates to ease the process.
Security Breaches Becoming More Common?
Evernote - a popular app for personal and professional productivity - is only the latest in an ongoing string of high-profile security breaches. Other recent victims include Twitter, Microsoft, NBC.com, the U.S. State Department, The New York Times, The Wall Street Journal, Bloomberg, Burger King and many others. It's not entirely clear to what extent the various breaches are connected, but the trend has to be worrisome to everyone from corporate security managers to consumers to everyday online consumers.
Without some resolution, security concerns could increasingly threaten the growth of the online economy.
(See also World War III Is Already Here - And We're Losing.)