2013 may become known as the year of hacker. Following sucessful hacks of Apple, Facebook, Microsoft, and NBC's Web sites and servers, the popular multi-platform, note-taking Web application Evernote servers have been hacked.
Evernote has been cracked and is requiring all its users to reset their passwords.
Evernote reports that while they caught the attack early on, their
"investigation has shown, however, that the individual(s) responsible
were able to gain access to Evernote user information, which includes
usernames, email addresses associated with Evernote accounts and
encrypted passwords. Even though this information was accessed, the
passwords stored by Evernote are protected by one-way encryption. (In
technical terms, they are hashed and salted.)"
Despite this encryption, Evernote is requiring all of its users to
change their Evernote account passwords. You can do this either the next
time you try to use Evernote via the Web site or by going to the main site now and creating a new password. If you need help with this, Evernote asks that you contact them via their online support Webpage.
After signing in to the Web site, you will be required to enter a new
password. Once you have reset your password, you will need to enter
this new password on all of your Evernote apps. The company also states
that, "We are also releasing updates to several of our apps to make the
password change process easier, so please check for updates over the
next several hours."
In addition, the company reminds all Evernote users of the usual
precautions you should take with your security on any online account:
Avoid using simple passwords based on dictionary words.
Never use the same password on multiple sites or services.
Never click on 'reset password' requests in emails — instead go directly to the service.
To this list, I might add that choosing the option to stay logged into Evernote for up to a week at a time is not a safe choice.
This successful hacking into Evernote is unlikely to resulted from
hackers simply breaching user accounts. Many successful Web site hacks
in recent weeks have been the result of holes in Java Web plug-ins. As a
result, security experts have been warning users to disable Java on their PCs.
This theory seems credible since, in a statement made to CNET, an Evernote spokesperson said, "Our operations and security team caught this at what we believe to be the beginning stages of a sophisticated attack.
They are continuing to investigate the details. We believe this
activity follows a similar pattern of the many high profile attacks on
other Internet-based companies that have taken place over the last
several weeks."
Nevertheless, he continued, "At this time we believe we have blocked
any unauthorized access, however security is Evernote's first priority.
This is why, in an abundance of caution, we are requiring all users to
reset their Evernote account passwords before their next Evernote
account log-in."
9:30:00 AM
valgeo
0 σχόλια:
Post a Comment