Out-Law News 1 min. read
04 Mar 2013, 12:36 pm
Evernote, which is a service provider which enables users to store and manage personal information, said that it would require users to reset their passwords as a "precaution" after its operations and security team had "discovered and blocked suspicious activity" on its network. It said the activity "appears to have been a coordinated attempt to access secure areas of the Evernote Service". The company is thought to have about 50 million users, according to a report by the BBC.
Evernote said that hackers had been able to compromise the security of its systems and gain access to users' information.
"In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost," the company said in an email to users and in a statement on its website. "We also have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed. The investigation has shown, however, that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords."
"Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (In technical terms, they are hashed and salted.) While our password encryption measures are robust, we are taking additional steps to ensure that your personal data remains secure. This means that, in an abundance of caution, we are requiring all users to reset their Evernote account passwords," it added.
Evernote apologised to users for requiring them to reset their passwords. It said, though, that it would bolster the security of its service for users. The company added that it takes personal data security "very seriously" and that it is "constantly enhancing the security of our service infrastructure to protect Evernote and your content".