Evernote resets all passwords following security breach

Popular note-taking service Evernote has reset all user passwords after information including usernames, email addresses, and encrypted passwords was stolen in a security breach.

Ruh-roh!

Before you freak out, though, know that the passwords were hashed and salted, so you probably don’t face any immediate danger. Still, make sure to reset your Evernote password as soon as you can.



  • Bill Cole

    No need for Evernote users to make sure they reset their passwords as soon as they can. Evernote has already done that for them.

    Will that be an inconvenience. Yes, it surely will be. Welcome to sound security practices: they are inconvenient.

    • http://twitter.com/DumaStudetto Duma Studetto

      I think there is still an urgent need to change passwords. Evernote is still authenticating against the old password and hash on the website. You need to login to the website to change your password before you can use your evernote clients again to pull data. So if a hacker cracks your password, they can login to evernote website, change your password, and then retrieve all your data.

  • http://twitter.com/scottnelle Scott Nellé

    Glad I read this before I opened Evernote, because the software didn’t offer an explanation. It just told me ‘my password seems to have changed.’