Evernote resets all users passwords on Saturday after the security breach. Evernote had put up a statement on their website, saying that no stored user data had been lost or changed but, the attackers were able to gain the access to the personal information, including usernames, passwords and email addresses. Though the passwords were stolen, the company claims that the passwords are protected by one-way encryption (in technical terms ‘hashed and salted’).
The company says “While our password encryption measures are robust, we are taking additional steps to ensure that your personal data remains secure. This means that, in an abundance of caution, we are requiring all users to reset their Evernote account passwords. Please create a new password by signing into your account on evernote.com.”
The company’s security team first detected unusual and potentially malicious activity on 28th February, reports TheVerge.