Evernote has this morning announced a rash of suspicious activity and is instituting a service-wide password reset.
In a post this morning on the company blog, team members called the activity “a coordinated attempt to access secure areas of the Evernote service.”
Evernote’s security team says it has found no evidence that user data, including stored content, was accessed. The company also confirmed that payment information for Evernote’s premium services was not compromised.
What the hackers were really after was usernames, email addresses, and passwords. Evernote says the information sought had been encrypted (hashed and salted). Even so, the service is asking its users to change their passwords.
To change yours, go directly to the Evernote site; don’t click on any links in any emails you may receive.
Also, your friendly neighborhood nerds at VentureBeat would encourage you to change your passwords for any accounts that shared the same login information as your Evernote account. Using duplicative login credentials across multiple sites is a big personal Internet security no-no, but we know enough of you do it.
These kinds of hacks are becoming more and more common. To thwart hackers and prevent online or financial identity theft, all us Internet folk should generally not be idiots about passwords, the first line of defense in online security. Get creative with your passwords, or better yet, use password management software such as 1Password.