Jump to content

(Archived) As a precaution to protect your data, we have decided to implement a password reset.


Recommended Posts

Posted

Dear Evernote user,

Evernote's Operations & Security team

has discovered and blocked suspicious activity on the Evernote network that

appears to have been a coordinated attempt to access secure areas of the

Evernote Service.

As a precaution to

protect your data, we have decided to implement a password reset. Please read

below for details and instructions.

In our security

investigation, we have found no evidence that any of the content you store in

Evernote was accessed, changed or lost. We also have no evidence that any

payment information for Evernote Premium or Evernote Business customers was

accessed.

The investigation has shown, however, that the individual(s)

responsible were able to gain access to Evernote user information, which

includes usernames, email addresses associated with Evernote accounts, and

encrypted passwords. Even though this information was accessed, the passwords

stored by Evernote are protected by one-way encryption. (In technical terms,

they are hashed and salted.)

While our password encryption measures are

robust, we are taking steps to ensure your personal data remains secure. This

means that in an abundance of caution, we are requiring all users to reset their

Evernote account passwords. Please create a new password by signing into your

account on evernote.com.

After

signing in, you will be prompted to enter your new password. Once you have reset

your password on evernote.com, you will

need to enter this new password in other Evernote apps that you use. We are also

releasing updates to several of our apps to make the password change process

easier, so please check for updates over the next several hours.

As

recent events with other large services have demonstrated, this type of activity

is becoming more common. We take our responsibility to keep your data safe very

seriously, and we’re constantly enhancing the security of our service

infrastructure to protect Evernote and your content.

There are also

several important steps that you can take to ensure that your data on any site,

including Evernote, is secure:

  • Avoid using simple passwords based on dictionary words
  • Never use the same password on multiple sites or services
  • Never click on 'reset password' requests in emails - instead go directly to

    the service

Thank you for taking the time to read this. We apologize for the

annoyance of having to change your password, but, ultimately, we believe this

simple step will result in a more secure Evernote experience. If you have any

questions, please do not hesitate to contact Evernote Support.

The Evernote Team

 

Sorry if this is in the wrong place, but isn't this contradictory ?

Normally a genuine email would address me by my LOGIN NAME as proof of it being a genuine email.

 

I'm loving the product !!!

 

Dave

  • Level 5
Posted

Every user will get an email. But sending one to 50 Million+ users does not get done in a day.

If you haven't gotten yours, it should come soon.

Posted

Sorry if this is in the wrong place, but isn't this contradictory ?

Normally a genuine email would address me by my LOGIN NAME as proof of it being a genuine email.

 

 

Don't you think hackers would be able to glean your user name???

 

Have you checked the hot threads on the message board? 

 

You may find these threads helpful:

 

http://discussion.evernote.com/topic/35615-phishing-attach-underway-for-evernote-accounts/

 

http://discussion.evernote.com/topic/35560-how-evernote-should-have-responded-to-security-issue/?p=192841

 

Posted

Thanks for the quick reply ................... and the link.

 

I'm only just in from work & hadn't even found this forum until now, so not had time to browse yet.

Was just a bit concerned until I logged in via a web browser.

 

Dave

Posted

Every user will get an email. But sending one to 50 Million+ users does not get done in a day.

If you haven't gotten yours, it should come soon.

 

Sorry, I should have mentioned, the quote was an email I just received.

Posted

Admittedly, the emails appeared "phishy". But as recommended in the first link, when in doubt, go directly to the website, rather than click links in emails. FWIW, I *never* click links in emails regarding security. Even ones from Evernote. ;-).

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...