 dib22
join:2002-01-27
Kansas City, MO | evernote systemwide forced password resets Evernote has forced a password reset for all users.
Details here:
»evernote.com/corp/news/password_reset.php |
|
 siljalineI'm lovin' that double widePremium
join:2002-10-12
Montreal, QC
kudos:17
 ·Bell Sympatico
| Scoop-du-jour on Twitter
»venturebeat.com/2013/03/02/evern···assword/
--
She shills sea shills by the Sea Shore. |
|
| reply to dib22
User information stolen in security breach quote:
Popular note-taking service Evernote has reset all user passwords after information including usernames, email addresses, and encrypted passwords was stolen in a security breach.
The Verge: »www.theverge.com/2013/3/2/405670···rd-reset
quote:
What's not good news is that the hackers now have access to** the usernames and email addresses of Evernote customers.
**50 million(?)... Naked Security: »nakedsecurity.sophos.com/2013/03···-breach/ |
|
siljalineI'm lovin' that double widePremium
join:2002-10-12
Montreal, QC
kudos:17 Reviews:
·Bell Sympatico
| Yep ! quote:
is requiring its nearly 50 million users to reset their passwords after the popular personal note-taking app became the latest high-profile victim of wide-scale hacking attempts.
• TechCrunch article
--
She shills sea shills by the Sea Shore. |
|
|
|
 therube
join:2004-11-11
Randallstown, MD | reply to dib22
(Since I didn't know, though it still doesn't tell me much. Suppose I'm a 50 Mil to 1 long shot  .)
"Evernote makes it easy to remember things big and small from your everyday life using your computer, phone, tablet and the web." |
|
 mousePremium
join:2007-03-29
australia | reply to dib22
still confused - have changed my password after logging in via the website.
I am now getting the attached Update request via the internal updater. While this type of update is quite normal for Evernote, I find it strange that they state " this update addresses a security issue to reset your password" but the otherwise listed improvements or fixes have nothing to do with it.
The reference to the blog is just the usual announcement as has been well documented. Anyone having a clearer understanding regarding this update? |
|
| said by mouse:I am now getting the attached Update request via the internal updater.
[snip]
Anyone having a clearer understanding regarding this update? They are releasing updates for all of their apps on all platforms to make the forced password change easier and more clear. The existing (previous) version just fails to login with no additional notice. For those that either had not yet received the email notification or did not read it that could be confusing.
For those that have already changed their password following the procedure in the notice this update will not have a noticeable impact now. |
|
| reply to dib22
 Evernote note service hacked – password reset mails worry users
quote:
Unfortunately, the Evernote emails were a potential gift for phishers as the click-through links in the email sent users to "http://links.evernote.mkt5371.com/", rather than directly to Evernote....
Sending out emails with a throw-away domain in the links doesn't help users adopt secure behaviour as it becomes harder to distinguish between a legitimate email and a phisher's email with the phisher's own throwaway domains. Evernote themselves say "Never click on 'reset password' requests in emails — instead go directly to the service",...
The incident has also brought previous issues with Evernote security to the fore, with some users complaining that Evernote's RC2-based content encryption was chosen for exportability rather than security and that the two-factor authentication that has been promised over the past year has not yet been implemented.
Full article at The H Security (Heise) |
|
siljalineI'm lovin' that double widePremium
join:2002-10-12
Montreal, QC
kudos:17 Reviews:
·Bell Sympatico
| reply to dib22
Evernote shoots itself in foot over "never click on 'reset password' requests" advice
• »nakedsecurity.sophos.com/2013/03···assword/ |
|
dib22
join:2002-01-27
Kansas City, MO | now think of all the fancy metrics they will have on this one email  |
|
siljalineI'm lovin' that double widePremium
join:2002-10-12
Montreal, QC
kudos:17 | Evernote to adopt two-step authentication after security breach |
|
 HA NutPremium
join:2004-05-13
USA | reply to dib22
Thanks for the notice. I have an account and reset my password.
But to be honest, I have never really used Evernote. I have a couple of minor things sitting there, but really can't figure out much it's good for... |
|
