Evernote has begun to notify all users by email of the breach, though the company is confident that data itself is safe. “The passwords stored by Evernote are protected by one-way encryption” Evernote said, “in technical terms, they are hashed and salted.”
Exactly how the hack took place has not been revealed, though Evernote says its Operations & Security team is still investigating. However, it’s believed to be “a coordinated attempt” to steal, change, or delete user-data.
Evernote insists that its “password encryption measures are robust” but says also that it is “taking additional steps” to bolster security, of which forcing a password change is part of it. The company also suggests people choose more complex passwords, avoiding dictionary words, and don’t use the same password across multiple sites or services.
“On February 28th, the Evernote Operations & Security team became aware of unusual and potentially malicious activity on the Evernote service that warranted a deeper look. We discovered that a person or persons had gained access to usernames, email addresses and encrypted user passwords. In our ongoing analysis, we have found no evidence that there has been unauthorized access to the contents of any user account or to any payment information of Evernote Premium and Evernote Business customers” Evernote spokesperson
Exactly how the hack took place has not been revealed, though Evernote says its Operations & Security team is still investigating. However, it’s believed to be “a coordinated attempt” to steal, change, or delete user-data.
Evernote insists that its “password encryption measures are robust” but says also that it is “taking additional steps” to bolster security, of which forcing a password change is part of it. The company also suggests people choose more complex passwords, avoiding dictionary words, and don’t use the same password across multiple sites or services.
No comments:
Post a Comment