Tuba Dave 0 Posted March 3, 2013 Posted March 3, 2013 Dear Evernote user,Evernote's Operations & Security teamhas discovered and blocked suspicious activity on the Evernote network thatappears to have been a coordinated attempt to access secure areas of theEvernote Service.As a precaution toprotect your data, we have decided to implement a password reset. Please readbelow for details and instructions.In our securityinvestigation, we have found no evidence that any of the content you store inEvernote was accessed, changed or lost. We also have no evidence that anypayment information for Evernote Premium or Evernote Business customers wasaccessed.The investigation has shown, however, that the individual(s)responsible were able to gain access to Evernote user information, whichincludes usernames, email addresses associated with Evernote accounts, andencrypted passwords. Even though this information was accessed, the passwordsstored by Evernote are protected by one-way encryption. (In technical terms,they are hashed and salted.)While our password encryption measures arerobust, we are taking steps to ensure your personal data remains secure. Thismeans that in an abundance of caution, we are requiring all users to reset theirEvernote account passwords. Please create a new password by signing into youraccount on evernote.com.Aftersigning in, you will be prompted to enter your new password. Once you have resetyour password on evernote.com, you willneed to enter this new password in other Evernote apps that you use. We are alsoreleasing updates to several of our apps to make the password change processeasier, so please check for updates over the next several hours.Asrecent events with other large services have demonstrated, this type of activityis becoming more common. We take our responsibility to keep your data safe veryseriously, and we’re constantly enhancing the security of our serviceinfrastructure to protect Evernote and your content.There are alsoseveral important steps that you can take to ensure that your data on any site,including Evernote, is secure:Avoid using simple passwords based on dictionary wordsNever use the same password on multiple sites or servicesNever click on 'reset password' requests in emails - instead go directly tothe serviceThank you for taking the time to read this. We apologize for theannoyance of having to change your password, but, ultimately, we believe thissimple step will result in a more secure Evernote experience. If you have anyquestions, please do not hesitate to contact Evernote Support.The Evernote Team Sorry if this is in the wrong place, but isn't this contradictory ?Normally a genuine email would address me by my LOGIN NAME as proof of it being a genuine email. I'm loving the product !!! Dave
Level 5 Wern 247 Posted March 3, 2013 Level 5 Posted March 3, 2013 Every user will get an email. But sending one to 50 Million+ users does not get done in a day.If you haven't gotten yours, it should come soon.
BurgersNFries 2,407 Posted March 3, 2013 Posted March 3, 2013 Sorry if this is in the wrong place, but isn't this contradictory ?Normally a genuine email would address me by my LOGIN NAME as proof of it being a genuine email. Don't you think hackers would be able to glean your user name??? Have you checked the hot threads on the message board? You may find these threads helpful: http://discussion.evernote.com/topic/35615-phishing-attach-underway-for-evernote-accounts/ http://discussion.evernote.com/topic/35560-how-evernote-should-have-responded-to-security-issue/?p=192841
Tuba Dave 0 Posted March 3, 2013 Author Posted March 3, 2013 Thanks for the quick reply ................... and the link. I'm only just in from work & hadn't even found this forum until now, so not had time to browse yet.Was just a bit concerned until I logged in via a web browser. Dave
Tuba Dave 0 Posted March 3, 2013 Author Posted March 3, 2013 Every user will get an email. But sending one to 50 Million+ users does not get done in a day.If you haven't gotten yours, it should come soon. Sorry, I should have mentioned, the quote was an email I just received.
BurgersNFries 2,407 Posted March 3, 2013 Posted March 3, 2013 Admittedly, the emails appeared "phishy". But as recommended in the first link, when in doubt, go directly to the website, rather than click links in emails. FWIW, I *never* click links in emails regarding security. Even ones from Evernote. ;-).
BurgersNFries 2,407 Posted March 3, 2013 Posted March 3, 2013 PS, in the second link, dlu (Evernote employee) explains why the hinky looking email links.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.