Evernote hack results in forced password change

West Chicago IT Support Solutions | Computer Support | PC SupportEvernote is a really cool app. I use it heavily in conjunction with David Allen’s “Getting Things Done” system to organize my day and achieve my goals. I also use it for more mundane tasks such as grocery lists. I use it on my PC, my iPad, and my Android phone – it syncs up between devices. I also managed to get my wife to buy into the shopping list idea and we now share a folder between our accounts, syncing the shopping lists to our respective phones. We use the handy checkbox feature to make lists for the various stores we frequent, checking things off as we place them in the cart. It’s very cool and I am no doubt the hippest, coolest shopper in the store. In fact I’m sure of it. But today things started to get wacky. I made my list, but my wife kept getting “enter your password” prompts when she started doing hers. Then I noticed that I was getting them too. I tried entering hers and then mine with no luck. Strange. Then I thought to myself “self, Twitter is the fastest news delivery service in the world, why not look there”. Sure enough, there were reports of the hacker incident, which reportedly occurred on February 28th 2013. In response, Evernote did a password reset on all of their users – nearly 50 million by some accounts. Wow. The solution is to log onto the Evernote site where you’ll be prompted to change your password. The hackers probably made off with usernames and email addresses. They also likely got away with the passwords, though they’re “hashed and salted”, which sounds like a good Midwestern breakfast. But I digress. “Hashed and Salted” means they may never be compromised, though the possibility does exist. No big deal now, you might say, since they won’t work with Evernote. Not so fast.
  • First, your Evernote email address and password might be the same email address and password you use everywhere else. That would stink.
  • Second, you can probably expect to get hammered with bogus Evernote password reset emails, directing you to fake forms that harvest your real password. That would stink.
  • Last but not least, the hackers may beat you to it and change your password before you do. That would really stink.
So now you know why Evernote appears to be broken. You need to hurry up and log onto their site to change your password – preferably to something stronger (numbers, letters, punctuation, etc.). You should also consider changing any other accounts (email, banking, etc.) that use the same username/password pairs. Last of all, reconsider storing sensitive information in Evernote, at least until they increase their security to something stronger – perhaps two-factor authentication.