Evernote has announced today that they are requiring its 50 million users to reset their login credentials after the site’s security team discovered a breach that revealed password information and additional personal information.
Evernote posted a security notice which was published Saturday stating the precautionary password reset came after an investigation found no evidence of any stored content being accessed, changed, or lost. The advisory also stated that payment information wasn’t accessed. However, Evernote warned that user information—including usernames, cryptographically protected passwords, and e-mail addresses—were accessed. “Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption,” the statement stated.
Users can reset their Evernote account passwords by signing in then abiding by the prompt. The site will also be publishing updates to numerous apps to help alleviate this password change process.
Evernote also release some tips on having a safe password:
- Avoid using simple passwords based on dictionary words
- Never use the same password on multiple sites or services
- Never click on ‘reset password’ requests in e-mails—instead go directly to the service
