Home page logo

dataloss logo Data Loss mailing list archives

Evernote Security Notice: Service-wide Password Reset (fwd)
From: security curmudgeon <jericho () attrition org>
Date: Sat, 2 Mar 2013 19:28:32 -0600 (CST)

---------- Forwarded message ----------
From: Evernote Team <team () email evernote com>
Date: Sun, 3 Mar 2013 01:17:30 +0000 (GMT)
Subject: Evernote Security Notice: Service-wide Password Reset

Dear Evernote user,

Evernote's Operations & Security team has discovered and blocked 
suspicious activity on the Evernote network that appears to have been a 
coordinated attempt to access secure areas of the Evernote Service. As a 
precaution to protect your data, we have decided to implement a password 
reset. Please read below for details and instructions.

In our security investigation, we have found no evidence that any of the 
content you store in Evernote was accessed, changed or lost. We also have 
no evidence that any payment information for Evernote Premium or Evernote 
Business customers was accessed. In short, we do not think that any 
confidential user data has been compromised.

The investigation has shown, however, that the individual(s) responsible 
were able to gain access to Evernote user information, which includes 
usernames, email addresses associated with Evernote accounts and encrypted 
passwords. Even though this information was accessed, the passwords stored 
by Evernote are protected by one-way encryption. (In technical terms, they 
are hashed and salted.)

While our password encryption measures are robust, we are taking steps to 
ensure your personal data remains secure. This means that in an abundance 
of caution, we are requiring all users to reset their Evernote account 
passwords. Please create a new password by signing into your account on 

After signing in, you will be prompted to enter your new password. Once 
you have reset your password on Evernote.com, you will need to enter this 
new password in other Evernote apps that you use. We are also releasing 
updates to several of our apps to make the password change process easier, 
so please check for updates over the next several hours.

As recent events with other large services have demonstrated, this type of 
activity is becoming more common. We take our responsibility to keep your 
data safe very seriously, and we?re constantly enhancing the security of 
our service infrastructure to protect Evernote and your content.

There are also several important steps that you can take to ensure that 
your data on any site, including Evernote, is secure:

- Avoid using simple passwords based on dictionary words
- Never use the same password on multiple sites or services
- Never click on 'reset password' requests in emails - instead go directly to the service

Thank you for taking the time to read this. We apologize for the annoyance 
of having to change your password, but, ultimately, we believe this simple 
step will result in a more secure Evernote experience. If you have any 
questions, please do not hesitate to contact Evernote Support at 

The Evernote Team

Evernote Corporation, 305 Walnut Street, Redwood City, CA 94063, USA

Unsubscribe > [url]

Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list


Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

  By Date           By Thread  

Current thread:
  • Evernote Security Notice: Service-wide Password Reset (fwd) security curmudgeon (Mar 04)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]