BreachExchange mailing list archives
Evernote resets all passwords after user information stolen in security breach
From: security curmudgeon <jericho () attrition org>
Date: Sat, 2 Mar 2013 11:44:11 -0600 (CST)
http://www.theverge.com/2013/3/2/4056704/evernote-password-reset Evernote resets all passwords after user information stolen in security breach By Louis Goddard on March 2, 2013 11:28 am Popular note-taking service Evernote has reset all user passwords after information including usernames, email addresses, and encrypted passwords was stolen in a security breach. A post on the service's official blog . currently experiencing loading problems . emphasises that no content was either "accessed, changed, or lost," but advises users that they will be prompted to choose a new password next time they log in, and provides advice on selecting a secure word or phrase. The passwords taken in the breach were both hashed and salted, meaning that they should be protected from all but the most dedicated cracking attempts, but the blog post does not explain which encryption algorithm was used. According to an email from Evernote, "unusual and potentially malicious activity" was first detected by the company's security team on February 28th. Evernote plans to release updates to its native apps for various platforms "over the next several hours" in an attempt to smooth out the password reset process for all users. [..] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges.
Current thread:
- Evernote resets all passwords after user information stolen in security breach security curmudgeon (Mar 04)