Evernote forces password resets after discovering suspicious hacking activity
Evernote, the popular cross-platform note-taking service, has issued a global password reset for all users following the discovery of suspicious activity described as a coordinated attempt to gain access to their system. In an email sent out to users by the company, Evernote said:
The investigation has shown, however, that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts, and encrypted passwords. Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (In technical terms, they are hashed and salted.)
While our password encryption measures are robust, we are taking steps to ensure your personal data remains secure. This means that in an abundance of caution, we are requiring all users to reset their Evernote account passwords. Please create a new password by signing into your account on evernote.com.
After signing in, you will be prompted to enter your new password. Once you have reset your password on evernote.com, you will need to enter this new password in other Evernote apps that you use. We are also releasing updates to several of our apps to make the password change process easier, so please check for updates over the next several hours.
You can also read the Evernote Blog post on the issue for more.
This is only the latest such disclosure from a major online service provider. If you're not already, make sure you get a password manager app (I use 1Password, others like Lastpass, but there are many options). Then, make sure you have unique, robust passwords for every service you use. It might seem like a pain in the ass, but having your accounts compromised can be a nightmare. So do it.
If you're an Evernote user, go change your password now.
More: Evernote Blog