“That’s a technique commonly used in a normal marketing email communications, but looks very out of place in an email about a security breach which tries to hammer home the point to ‘Never click on reset-password requests in emails,” he said. Cluley wrote that this is a service Evernote is likely using to track how many of its users changed their passwords and says not to worry. He argued that their message – warning users not to click phony security e-mails while sending out a security e-mail of their own – could confuse users.Ĭomplicating matters is that the legitimate Evernote e-mail pushes users first to a website with the domain name “mkt5371” before taking them to Evernote itself. This allows them to be accessed from multiple computers and other devices.Įvernote warned users of the possibilities Cluley noted. Like many services, Evernote stores data on remote servers instead of the user’s computer. “And, of course, it’s another cautionary tale about the risks which can exist with trusting the cloud to look after your personal information.” It is easy to imagine how this information could be abused – for instance, the hackers could send out spam emails to those users claiming to come from Evernote, and trick them into visiting a malicious website. “What’s not good news,” he wrote, “is that the hackers now have access to the usernames and email addresses of Evernote customers. Sophos Security analyst Graham Cluley said in a blog post that it remains unclear how long the hackers had access to Evernote and how they managed to get in.
Evernote hacked account password#
But the hackers were able to access user information, including user names, e-mail addresses and encrypted passwords.Įvernote said the encryption coding they use to protect passwords is “robust,” but still sent the password warning to users of the service, which is popular among college students and others who rely on taking notes for later use. The company said no user content or financial information was accessed. In a blog post, the California-based company said its security team “has discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service.”
The online note-taking and archiving service began requiring its 50 million users to reset their passwords Saturday after announcing it was the victim of a security breach, making it the latest tech company in recent weeks to fall victim to hackers. Tens of millions of online note-takers found themselves worrying about their security Monday, as questions remained about a weekend hack of Evernote. Still no word Monday on how long hackers had access Popular note-taking tool says no user content, financial info was accessedĮvernote joins Apple, Microsoft, Twitter, Facebook and others in recent hacks
Tens of millions changing passwords after Evernote was hacked
0 kommentar(er)
