Evernote pushes security awareness-raising software updates after hack attack - mcdonnellturper

After IT reset the passwords of some 50 million users, Evernote pushed updates to all its software products, according to a company spokesperson.

"We released updated versions of our applications across the board… to add messaging to alert users to update their accounts with new, secure passwords and to relieve oneself this process easier," Evernote's Ronda Scott aforesaid in an email.

"This is the single change we have made to the Evernote clients in reaction to this attack," she added.

Programs strained by the wide update included Evernote, Skitch, Penultima, Evernote Nutrient, Evernote How-do-you-do, Evernote Web Clipper ship, Evernote Intelligibly, and Evernote Peek.

Evernote reportedly identified hacking activity along its meshing along February 28, but it didn't alert its users of the security breach until March 2.

"Evernote's Operations & Surety team has discovered and blocked suspicious activenes on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service," Evernote's Dave Engberg wrote in a company blog that was also sent as an email to users.

"As a precaution to protect your data, we have decided to implement a password readjust," he added.

Thus far, Evernote hasn't released any information American Samoa to who might have been posterior the attack.

"Nary one has claimed responsibility," Dred Scott said. "Our intramural Trading operations & Security squad continues to investigate the details of this attack, including origin."

"Atomic number 3 this is current, it is untimely for us to comment on those details," she said. She did disclose, however, that the breach did not result from a exposure in any of the caller's applications.

"This blast did not win whatever of the Evernote applications or clients," she aforesaid.

At this point, it's still too archaeozoic to talking close to any protection changes the company may implement in response to the breach.

"Since we're still in the analysis phase of this, we're non able to comment along proximo protocol or security changes," she added.

In addition to continuous and aggressive monitoring of its systems for unusual activity patterns, Evernote protects drug user names and passwords with an encryption scheme known as "salted hash," which some breach fighters believe is inadequate.

"While password hashing and salting give the sack be effective at preventing attackers from working out your password should a company that stores that selective information get breached, it is far from solid security," writes security Scribe Brian Sir Hans Adolf Krebs.

"Evernote didn't say which outline IT was exploitation to hasheesh passwords, but the industry standard is a fairly weak approach in which a absolute majority of passwords tush be cracked in the nictitation of an eye with today's ready-made hardware," he added.

Evernote users—any World Wide Web user, actually—are well-advised to create effectual passwords and not to reuse them from site to site. That can be onerous to manage manually, but programs like OneID,KeePass, and RoboForm take so much of the painfulness knocked out of the outgrowth.