In a recent blog post, Evernote announced that its Operations & Security team had "discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service."
"In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost," the company stated. "We also have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed. The investigation has shown, however, that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords."
"All Evernote users were required to reset their passwords in case the attackers are able to recover passwords from the salted hashed list," writes The Register's Richard Chirgwin. "The password reset will apply not only to Evernote logins, but to all apps that users have given access to their Evernote accounts."
"Unfortunately, the Evernote emails were a potential gift for phishers as the click-through links in the email sent users to 'http://links.evernote.mkt5371.com/,' rather than directly to Evernote," The H Security reports. "The address belongs to a company called Silverpop which does email marketing and user tracking, but with an event as major as a system-wide password reset, users need to be able to validate the links they are being sent by the company."
"The links in this case *do* end up taking you to Evernote's website -- but go silently via Silverpop's systems first," notes Sophos' Graham Cluley. "Presumably that's so Evernote can track and collect data on how successful the email campaign has been. That's a technique commonly used in a normal marketing email communications, but looks very out of place in an email about a security breach."
"There's no information as to how the hackers gained access -- although recent high-profile hacks of Apple, Facebook and Microsoft have exploited zero-day Java vulnerability in Java web plugins," writes TG Daily's Emma Woollacott. "Many industry experts have warned that users should disable Java to be on the safe side."