Evernote Hack Affects Millions
Popular cloud, note taking service Evernote, is the latest victim in a growing list of hacks, attacks, and security concerns for cloud-enabled companies. With an estimated 50 million users affected, the recent attack had social media and blogs buzzing with frustrated users.
Evernote announced the compromise via its official blog site and explained that it would be sending emails out to customers containing information reflected in its blog post. The hack, which appears to have allowed hackers to gain access to sensitive usernames and passwords does not appear to have gone much further. Evernote claims that in their investigation they have found no evidence of hackers accessing customer billing, or data contained within user notes or folders.
Though this may be the case, it would only take the hackers a few moments once they received the account username and password to access user information. It is unclear how a company would know if user information was compromised, especially if it was accessed individually or on a small scale. It would be difficult to recognize valid users to hackers utilizing valid credentials to gain access to personal information.
Since the attack, Evernote has made it mandatory for all users to change their passwords in order to access the service. Many users were unaware of the attack and have had difficulty accessing their accounts and information after an Evernote software update and password reset requirement. Early emails sent out notifying customers of the compromise contained shortened unrecognizable links, creating confusion, and had some users questioning the email as a phishing attempt.
The company quickly revised emails to remove the questionable links, but not before many hit Twitter to voice their concerns. This latest attack as well as many high profile hacks in recent months have flamed a debate over keeping sensitive information in the cloud. Though there is cause for concern; the bigger question may be, is your information safer in the cloud or on your personal devices? Some may say that personal devices are far less secure and prone to compromise than a business that has deployed hardware, software, and measures to keep information safe.
With the continuous barrage of spyware, viruses, and malware on personal devices, it’s easy to see that there is no perfect solution. Whether you choose to utilize cloud services for more secure information or not, what is clear is everyone needs a password strategy.
First and foremost, though inconvenient, users must create different passwords for different services. Considering hackers have access to email addresses and passwords, the possibility for them to utilize this information to access other accounts or services is high. Second it is imperative to utilize complex passwords that have uppercase and lowercase letters, numbers, and symbols in order to make it harder for software bots to crack individual passwords. Lastly if an attack occurs make sure to change your information as quickly as possible including changing passwords for any other accounts that may use the same password.