Evernote Latest Hacking Victim Among US-Based Firms In 2013

Add the privately held Evernote Corp. to the growing list of U.S.-based information-technology outfits targeted by hackers this year.The Redwood City, Calif.-based company's eponymous flagship offering is a cross-platform, multipurpose application about 50 million consumers and 2,000 businesses employ to share myriad content -- such as oral and written notes, photographs, and Web clips -- on both mobile and immobile online devices: For example, it allows a devotee of the Apple Inc. (NASDAQ:AAPL) line of IT products to easily access such content on an iPad, iPhone, and iMac."Evernote's Operations & Security team has discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service," Dave Engberg, the company's chief technology officer, blogged in a post Saturday."As a precaution to protect your data, we have decided to implement a password reset," Engberg said.Describing the password-reset process, Engberg said: "After signing in, you will be prompted to enter your new password. Once you have reset your password … you will need to enter this new password in other Evernote apps that you use. We are also releasing updates to several of our apps to make the password change process easier."Engberg noted: "As recent events with other large services have demonstrated, this type of activity is becoming more common. We take our responsibility to keep your data safe very seriously, and we're constantly enhancing the security of our service infrastructure to protect Evernote and your content."Among the corporate owners of other large services targeted by hackers in 2013 are Apple, the Bank of America Corp. (NYSE:BAC), and Facebook Inc. (NASDAQ:FB), as well as the privately held Twitter Inc.

Cyberattack victims this year also include the U.S. Federal Reserve, the U.S. Justice Department Sentencing Commission, and multiple media outlets.

According to Evernote's Engberg: "In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed, or lost. We also have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed."However, he said: "The investigation has shown … that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts, and encrypted passwords. Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (In technical terms, they are hashed and salted.)"Engberg also advised all online users to follow these three important steps to ensure their data is comparatively secure on any site, including Evernote:1. Always avoid using simple passwords based on dictionary words.2. Never use the same password for multiple services or sites.3. Never click on "Reset password" requests in email messages: Instead, go directly to the relevant service to reset a password.

Share this article