110799

Evernote - the latest Web property to get hacked

Twitter, Facebook, Zendesk, Apple, and Microsoft all saw security breaches in the last month

Technology trends and news by Steven Loeb
March 2, 2013 | Comments
Short URL: http://vator.tv/n/2ddd

Hacking is no joke, even if some of the less mature out there think that they can simply use it as a way to get attention. Since the beginning of February, a rash of major Internet properties have been seeing themselves become the victim of hackers, including Twitter, Facebook, Zendesk, Apple, and Microsoft. Now yety another big name website is coming forward to say that, it too, has become the victim of a hacker.

Note taking app Evernote has sent out a notification to all of its 48 million plus users to reset their passwords after  the company's Operations & Security team "discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service," it was announced in a blogpost Saturday. 

The good news is that company says that it did not find any evidence that any content that users stored on Evernote was accessed, changed or lost.

"We also have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed."

The hackers did, however, gain access to user information, including usernames, email addresses and encrypted passwords, though Evernote says that the passwords are "protected by one-way encryption" and that they are "hashed and salted." (In other words, they are harder to access.)

"As far as we can tell (and we spent a lot of effort looking into it) no user data was compromised. We think that they accessed the login information, including email addressed and encrypted passwords," Evernote CEO Phil Libin told VatorNews. 

Still, the company wants all of its users to get a new password, simply as a precaution.

"The passwords are all stored hashed and salted, so it should be extremely difficult to use them for anything, but since there's no way to guarantee that for all time in the future, we decided to invalidate all current passwords and do a system-wide password reset. This is a 'better safe than sorry' strategy since I think it's better to get way ahead of any potential security problems rather than trying to catch up later," Libin said.

There is also no indication, as of now, that Evernote's security breach is in any way related to the breaches suffered by the other Internet properties throughout February. 

"We don't know all the details about other companies' recent hackings, so it's too early to draw any conclusions about that," Libin said.

The company first noticed, and began to investigate, the suspicious activity on Thursday the 28th.

The Redwood City-based Evernote was founded in 2008. Since then the company has raised nearly $251 million, including a $70 million Series D round of funding at a $1 billion valuation in May 2012.

The company's entire customer base of around 48 million is made up of individuals, most of whom are business professionals. The company announced its business product in August 2012, and launched it in Decemeber.

Evernote business recently expanded to 26 new European markets.

(Image source: http://evernote.com/evernote)


Related companies, investors and entrepreneurs

Plogo_evernote_evernote_elephantlogo
Evernote
Startup/Business
Description: Our goal at Evernote is to give everyone the ability to easily capture any moment, idea, inspiration, or experience whenever they want us...
62756
Phil Libin
CEO,
Evernote
Bio: Phil Libin is the CEO of Evernote, the service that's helping millions of people worldwide remember everything of value in their daily li...

Related news


blog comments powered by Disqus