Graham Cluley reports that Evernote has been going through the list of several million e-mail addresses and passwords exposed by the recent Adobe breach, and has been contacting Evernote users whose e-mail addresses appear on that list.
“We compared [the Adobe] list to our user e-mail addresses and found that the e-mail address you used to register for an Evernote account is on the list of exposed Adobe accounts,” the Evernote e-mail states. “Evernote has not been compromised and is not connected to this incident, but if you used the same password for Adobe and Evernote, then you should change your Evernote password now.”
The e-mail also recommends that users avoid simple passwords, never reuse the same password on multiple sites or services, and never click on “reset password” links in e-mails — always go directly to the site instead.
Evernote is also advising users to consider setting up two-step verification for additional security.