While none of the user passwords were stored in the clear, the fact that they may be in the hands of hackers (along with the corresponding user credentials) led Evernote to force a password reset for all its millions of users. Although neither billing information nor actual client notes were exposed in this breach, Evernote does acknowledge that some user account information - usernames, email addresses and encrypted passwords - was accessed. Visit for latest security news in Englishīesuchen Sie de.itsecuritynews.The drumbeat of corporate security issues pounds on, with hybrid cloud/local notekeeping service Evernote reporting this weekend that its internal security team "discovered and blocked suspicious activity" aimed at sensitive areas of Evernote's service. Written For: Sorin Mustaca on CybersecurityĬheck for seeing the consulting services we offer. © Copyright 2013 Sorin Mustaca, All rights Reserved.
I strongly suggest that if you had an account at Evernote you change your password now and use a strong password that you don’t use anywhere else. And, because many users re-use passwords for multiple sites, including for the email address itself, imagine the consequences of such a breach. With enough computation power it is not hard to get the plain text of all passwords. This means, that now they have the plain text password and its computed hash with salt. Imagine that if the attackers have also accounts at Evernote, they know their passwords. Even passwords with salt can be rather easily reversed because we are only talking about MD5. Simply hashing a password with salt is by far not enough anymore.
The only solution is to try to login on the website and click the link on top of the page (see marked with yellow):Ĭomparing the data breach with the ones at LinkedIn, Last.fm and others from last year, we can’t stop to wonder why Evernote didn’t learn from the mistakes of the others. If you wonder why you can’t login anymore to Evernote, this is the reason. The strange thing is that not all users received the notification per email. As a precaution to protect your data, we have decided to implement a password reset. This is how the nightmare of having a bad press starts:Įvernote’s Operations & Security team has discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service.
0 kommentar(er)
