BreachExchange mailing list archives

Evernote resets all passwords after user information stolen in security breach


From: security curmudgeon <jericho () attrition org>
Date: Sat, 2 Mar 2013 11:44:11 -0600 (CST)


http://www.theverge.com/2013/3/2/4056704/evernote-password-reset

Evernote resets all passwords after user information stolen in security 
breach
By Louis Goddard on March 2, 2013 11:28 am

Popular note-taking service Evernote has reset all user passwords after 
information including usernames, email addresses, and encrypted passwords 
was stolen in a security breach. A post on the service's official blog,
currently experiencing loading problems, emphasises that no content was
either "accessed, changed, or lost," but advises users that they will be 
prompted to choose a new password next time they log in, and provides 
advice on selecting a secure word or phrase.

The passwords taken in the breach were both hashed and salted, meaning 
that they should be protected from all but the most dedicated cracking 
attempts, but the blog post does not explain which encryption algorithm 
was used. According to an email from Evernote, "unusual and potentially 
malicious activity" was first detected by the company's security team on 
February 28th. Evernote plans to release updates to its native apps for 
various platforms "over the next several hours" in an attempt to smooth 
out the password reset process for all users.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
