Evernote’s been hacked, and the social collaboration service has revealed to users in a new security update post that they are the latest social company to have been effected in a string of “sophisticated” hacker attacks — including big names like Facebook and Twitter.
As Evernote is hacked, the company has released a lengthy statement to concerned users who rely on the service to explain what measures are necessary after the breach. In a note about the breach, titled “Security Notice: Service-wide Password Reset,” the company admits that Evernote’s Operations & Security team “discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service.”
The note continues, explaining the extent of how Evernote was hacked:
As a precaution to protect your data, we have decided to implement a password reset … In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost. We also have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed.
The post explains:
The investigation has shown, however, that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords. Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (In technical terms, they are hashed and salted.)
Toward the end, Evernote adds:
As recent events with other large services have demonstrated, this type of activity is becoming more common. We take our responsibility to keep your data safe very seriously, and we’re constantly enhancing the security of our service infrastructure to protect Evernote and your content.
Finally, the service concludes:
Thank you for taking the time to read this. We apologize for the annoyance of having to change your password, but, ultimately, we believe this simple step will result in a more secure Evernote experience. If you have any questions, please do not hesitate to contact Evernote Support.
Evernote says after they were hacked that the attack “follows a similar pattern” when compared with the Twitter and Facebook hacks in recent weeks.