(In technical terms, they are hashed and salted.)Įvernote reminded users to "never click on 'reset password' requests in emails-instead go directly to the service." However, as Naked Security's Graham Cluley pointed out, "Uh-oh, in the same email that Evernote tells users not to click on 'reset password' requests sent via email, they have clickable links.
Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. The investigation has shown, however, that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords.
We also have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed. In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost. Yet the company maintains this forced service-wide password change is a "precaution to protect your data."Īccording to Evernote's security notice, "Evernote's Operations & Security team has discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service."
#Evernote suspicious activity software#
The cloud-based note-syncing and productivity software service Evernote announced that attackers gained access to accounts' usernames, email addresses and passwords, so 50 million Evernote customers are required to change their passwords.