dib22
join:2002-01-27
Kansas City, MO

dib22

Member

evernote systemwide forced password resets

Evernote has forced a password reset for all users.

Details here:

»evernote.com/corp/news/p ··· eset.php

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

siljaline

Premium Member

Scoop-du-jour on Twitter
»venturebeat.com/2013/03/ ··· assword/

chachazz
Premium Member
join:2003-12-14

chachazz to dib22

Premium Member

to dib22
User information stolen in security breach
quote:
Popular note-taking service Evernote has reset all user passwords after information including usernames, email addresses, and encrypted passwords was stolen in a security breach.
The Verge: »www.theverge.com/2013/3/ ··· rd-reset
quote:
What's not good news is that the hackers now have access to** the usernames and email addresses of Evernote customers.
**50 million(?)... Naked Security: »nakedsecurity.sophos.com ··· -breach/

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

siljaline

Premium Member

**50 million(?)...

Yep !
quote:
is requiring its nearly 50 million users to reset their passwords after the popular personal note-taking app became the latest high-profile victim of wide-scale hacking attempts.
TechCrunch article

therube
join:2004-11-11
Randallstown, MD

therube to dib22

Member

to dib22
(Since I didn't know, though it still doesn't tell me much. Suppose I'm a 50 Mil to 1 long shot.)

"Evernote makes it easy to remember things big and small from your everyday life using your computer, phone, tablet and the web."

mouse
Premium Member
join:2007-03-29
australia

mouse to dib22

Premium Member

to dib22
still confused - have changed my password after logging in via the website.

I am now getting the attached Update request via the internal updater. While this type of update is quite normal for Evernote, I find it strange that they state "this update addresses a security issue to reset your password" but the otherwise listed improvements or fixes have nothing to do with it.
The reference to the blog is just the usual announcement as has been well documented. Anyone having a clearer understanding regarding this update?

Shady Bimmer
Premium Member
join:2001-12-03

Shady Bimmer

Premium Member

said by mouse:

I am now getting the attached Update request via the internal updater.
[snip]
Anyone having a clearer understanding regarding this update?

They are releasing updates for all of their apps on all platforms to make the forced password change easier and more clear. The existing (previous) version just fails to login with no additional notice. For those that either had not yet received the email notification or did not read it that could be confusing.

For those that have already changed their password following the procedure in the notice this update will not have a noticeable impact now.

chachazz
Premium Member
join:2003-12-14

chachazz to dib22

Premium Member

to dib22
Evernote note service hacked – password reset mails worry users
quote:
Unfortunately, the Evernote emails were a potential gift for phishers as the click-through links in the email sent users to "http://links.evernote.mkt5371.com/", rather than directly to Evernote....

Sending out emails with a throw-away domain in the links doesn't help users adopt secure behaviour as it becomes harder to distinguish between a legitimate email and a phisher's email with the phisher's own throwaway domains. Evernote themselves say "Never click on 'reset password' requests in emails — instead go directly to the service",...

The incident has also brought previous issues with Evernote security to the fore, with some users complaining that Evernote's RC2-based content encryption was chosen for exportability rather than security and that the two-factor authentication that has been promised over the past year has not yet been implemented.
Full article at The H Security (Heise)
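
The link problem described in the quoted article, as an added example that is not part of the original post or the article: it pulls the link hosts out of an email body and compares a "brand name appears in the host" glance with a strict match against the service's own domain. The sample email, the `TRUSTED_DOMAIN` value and the function names are assumptions made for the illustration; only the `links.evernote.mkt5371.com` host comes from the thread.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "evernote.com"  # assumption: the one domain the service itself controls

# Constructed sample body; only the mkt5371.com host is taken from the quoted article.
SAMPLE_EMAIL = """
<p>Please reset your password.</p>
<a href="http://links.evernote.mkt5371.com/">Reset password</a>
<a href="https://www.evernote.com/">Evernote home</a>
<a href="https://evernote.com.example.net/reset">Help</a>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML fragment."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def brand_in_host(host):
    """What a quick glance does: is the brand name somewhere in the host?"""
    return "evernote" in (host or "").lower()

def host_is_trusted(host, trusted=TRUSTED_DOMAIN):
    """True only for the trusted domain itself or a subdomain of it.

    The match is anchored on a dot boundary, so a brand label placed in front
    of another registrable domain does not pass.
    """
    host = (host or "").lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

def audit_links(html):
    """Return (host, brand_in_host, host_is_trusted) for each link found."""
    parser = LinkCollector()
    parser.feed(html)
    hosts = [urlsplit(href).hostname for href in parser.hrefs]
    return [(h, brand_in_host(h), host_is_trusted(h)) for h in hosts]

if __name__ == "__main__":
    for host, glance, strict in audit_links(SAMPLE_EMAIL):
        print(f"{host:30} brand-in-host={glance!s:5} on-{TRUSTED_DOMAIN}={strict}")
```

The strict check rejects the host used in the genuine notification as well, which is the article's point: a recipient applying the same rule cannot tell that email from a phishing attempt.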

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

siljaline to dib22

Premium Member

to dib22
Evernote shoots itself in foot over "never click on 'reset password' requests" advice
• »nakedsecurity.sophos.com ··· assword/

dib22
join:2002-01-27
Kansas City, MO

1 recommendation

dib22

Member

said by siljaline:

Evernote shoots itself in foot over "never click on 'reset password' requests" advice
• »nakedsecurity.sophos.com ··· assword/

now think of all the fancy metrics they will have on this one email

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

siljaline

Premium Member

Evernote to adopt two-step authentication after security breach

HA Nut
Premium Member
join:2004-05-13
USA

HA Nut to dib22

Premium Member

to dib22
Thanks for the notice. I have an account and reset my password.

But to be honest, I have never really used Evernote. I have a couple of minor things sitting there, but really can't figure out much it's good for...