Slashdot Mirror

← Back to Stories (view on slashdot.org)

Evernote Security Compromised

Posted by Soulskill on from the 12345-to-123456 dept.

starburst writes "Another online company has had its security compromised. Today Evernote posted on their blog that they're issuing a service-wide password reset because of suspicious activity on their network. They say an unknown intruder gained access to usernames, email address, and encrypted passwords. Even though the passwords were hashed and salted, they're doing the password reset as a precautionary measure. Nevertheless, it's a good reminder to keep a close eye on who you keep your data with in the cloud. Nothing is totally secure; it's always a compromise between security and convenience."

7 of 104 comments (clear)

  1. Right to be deleted by mescobal · · Score: 5, Insightful

    I tried to get my account deleted: the say they can't (!!!!). There's an option to "deactivate" my account. We need laws enforcing our right to disappear from a service.

    --
    La culpa no es del chancho...
    1. Re:Right to be deleted by bfandreas · · Score: 5, Insightful

      And people still laugh when Germany pushes for laws that require companies to give you a big "FORGET ME NOW" button.

      --
      20 minutes into the future
  2. Re:And Evernote Is? by Scutter · · Score: 4, Insightful

    If you don't know what it is, then you probably don't need to worry that it's been compromised. But if you absolutely must know, then it's literally the first page of hits on Google.

    --

    "Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
  3. Re:Control the encryption layer by bfandreas · · Score: 5, Insightful

    The better approach is to cloud only stuff you could as well put in the pub directory of an FTP server.
    If you work under the assumption cloud == public then you will do no wrong.

    ...which makes Truecrypt an exercise in self defeat. I'd rather have my passwords encrypted on my own person instead of on a public directory.

    To whoever cracked Evernote:
    Now that you have my groceries lists you could do the decent thing and go to the shops. Also bring beer. Cheers, mate.

    --
    20 minutes into the future
  4. Re:Shocking... by u38cg · · Score: 5, Insightful

    Not the worst breach I've ever seen, but a couple of stupid things still. Not least, the reset email linked you to http://links.evernote.mkt5371.com/ctt?kn=4&ms=NTcwNzMxMwS2&r=blahblahblah. I actually presumed it was a high quality phishing attempt and flagged it as spam. Later down the same email they advised "Never click on 'reset password' requests in emails - instead go directly to the service"...

    --
    [FUCK BETA]
  5. Re:Shocking... by nametaken · · Score: 4, Insightful

    Yeah I really have no problem with this. Everyone gets broken into eventually. Actually noticing that it happened, what precautions you've taken, and how you handle it with your customers, is how I judge your company and service.

    Evernote seems to have done what you should do in a situation like this.

  6. Re:And Evernote Is? by crashumbc · · Score: 4, Insightful

    It also used to be a "geek" site...

    If you don't know what Evernote is, and if you can't use google, well maybe /. isn't the problem.