The drumbeat of corporate security issues pounds on, with hybrid cloud/local notekeeping
service Evernote reporting this weekend that its internal security
team "discovered and blocked suspicious activity" aimed at sensitive
areas of Evernote's
service. Although neither billing information nor actual client notes were
exposed in this breach, Evernote does acknowledge that some user account
information -- usernames, email addresses and encrypted passwords -- was
accessed.
While none of
the user passwords were stored in the clear, the fact that they may be in the
hands of hackers (along with the corresponding user credentials) led Evernote
to force a password reset for all its millions of users. If you've gotten a
password reset notice from Evernote, it's almost certainly legitimate, but in
the interest of proper procedure you should not click the login link in the email. Open
a trusted browser (these days, that means one with Java applets disabled) and type in
"www.evernote.com" directly to reset your login credentials.
As more and
more cloud services are subject to attacks that target user login details, it's
become overwhelmingly clear that just having a strong password isn't enough; if you reused your Evernote
password on any other service (especially your email account), you have a
potentially serious problem. Managing unique passwords for scores or hundreds of accounts
is no picnic, but utilities like 1Password or LastPass can make it easier to find and change your re-usedpasswords. [TUAW]
You can follow me on Twitter, add me to your
circles on Google+ or Subscribe to
me on facebook or YouTube. You can also
check my website and blog to keep yourself
updated with what is happening in the ever changing world of technology
No comments:
Post a Comment