Evernote Cloud Storage Service Warns Users of Password Breach
Unknown attackers gain access to user data and encrypted password files, prompting the online storage service to alert its subscribers of the breach.
Online storage service Evernote warned users on March 2, that unknown attackers had compromised its system and gained access to the information on more than 50 million users, including encrypted password files.
Evernote moved to assure customers that their data and payment information remained safe, but conducted a password reset for all of its 50 million users across its services. The breach, which apparently happened in late February, allowed the attackers to access usernames and e-mail addresses of Evernote users, the company stated. The criminals also accessed the encrypted password file, the company said in a post on its Web site.
“Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (In technical terms, they are hashed andsalted.)” the company stated on the site. “While our password encryption measures are robust, we are taking additional steps to ensure that your personal data remains secure.”
To secure store passwords, the data is typically hashed, or scrambled using a one-way encryption function. Strong hashing uses “salt,” which is a random number that prevents attackers from easily using a variety of attacks.
Cloud service companies, which collect information on a massive number of users, have become targets for hackers and cyber-criminals. In June 2012, business networking service LinkedIn acknowledged that the hashed, but not salted, passwords for nearly 6.5 million users had been stolen. The company became the target of a class-action lawsuit later that month. Read More