After a series of hacking attempts against big companies like EADS, ThyssenKrupp, Apple, Microsoft and Facebook, the next name appears on the list: Evernote, a cloud service provider for storing and organizing personal data such as pictures, websites, video files and notes. Once content is stored on the company's cloud servers, the user can access it simply by logging in to his personal account, worldwide and from any internet-connected device.
After a hacking attempt, the company has now issued a press release stating that each of its 50 million customers will be forced to change his passphrase at the next login to his account and to choose a new one.
According to Evernote, the attackers were able to steal user names, email addresses and encrypted passphrases. But they were unable to access, change or delete any stored customer content, due to the fact that the passwords are protected by one-way encryption. Additionally, the company has clarified that it has "no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed".
Important security advisory: Although the company claims that the stolen login data was encrypted (hashed & salted), we'd like to encourage you to check seriously whether you have chosen the same passphrase for other logins, such as email accounts, and to change those, too! There is no guarantee that the passphrases cannot be "re-calculated" by brute forcing the algorithm. Furthermore, we'd like to advise you never to choose the same passphrase for different accounts.