Evernote Hacked - Millions Must Change Passwords

With Twitter, Microsoft, Apple and Facebook having been hit by hackers in the last few months, now it is Evernote’s turn. The company has announced that around 50 million users' personal data was compromised during a security breach on the first weekend of March. The users affected were informed about it in an email sent by the Evernote, asking them to reset their passwords. Evernote reported that the hackers tried to access secure areas of the service, but luckily they have not succeeded. Unfortunately, the hackers got their hands on millions of usernames, email addresses and passwords.

Although the information stored by users on Evernote has not been compromised, the stolen email addresses can be used by hackers to send out spam emails, urging users to click on embedded links. The links embedded in spam emails usually lead to corrupted websites that are instrumental in malware distribution. It is worrying in particular, because spam emails might get mixed up with the official emails from Evernote. It is especially confusing, because Evernote is sending out emails as well, saying that users should not click on links that urge them to change their passwords, while the company is doing the same thing!


According to Sophos Security analyst Graham Cluley, the thing that complicates everything is the fact that legitimate emails from Evernote redirect users to a domain called “mkt5371” before landing them on the official Evernote page. It might look especially suspicious to some users. However, the security analyst says that this tactics is often used by companies for marketing email communication – by redirecting users to the previously mentioned domain; Evernote checks how many users have reset their passwords.

Evernote is a cloud service launched in 2008. It allows users to store images, documents and notes on an online server. With a constantly growing number of users it is clear that such companies as Evernote have to invest heavily into system security, because personal user information becomes the main target of a possible hack attack. Consequently, the commonly reoccurring hacks once again make users more cautious about entrusting their personal data to a cloud service.

source: http://www.newsy.com/

Leave a Comment

Enter the numbers in the box to the right *