Evernote Corporation is reporting that its service has been hacked, and that it will need to reset all of its 50 million users' passwords as a preventative measure.
Evernote is one of the most popular online note taking services. The Redwood City-based company revealed that the intrusion had affected sensitive customer information including an unspecified number of customer usernames, email addresses, and encrypted passwords.
"Our operations and security team caught this at what we believe to be the beginning stages of a sophisticated attack. They are continuing to investigate the details. We believe this activity follows a similar pattern of the many high-profile attacks on other internet-based companies that have taken place over the last several weeks."
However, a company representative noted that, "Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (In technical terms, they are hashed and salted.)"
Decoding the encrypted information would be difficult, but as it is certainly not impossible, Evernote is requiring password changes for its entire user base. Users will be prompted to do this the next time they log in to the Evernote website. The company asks that if you need help with this, you should contact it via its online support webpage only.
It also recommends that you follow these three rules when creating your new password:
- Avoid using simple passwords based on dictionary words.
- Never use the same password on multiple sites or services.
- Never click on "reset password" requests in emails - instead, go directly to the service.
Additionally, the company stated it would be, "releasing updates to several of our apps to make the password change process easier, so please check for updates over the next several hours."
Evernote added that it does not believe any data was tampered with, and that no payment information had been compromised in the intrusion.