By Jim Finkle, Reuters
Evernote, a Web-based note-sharing service, said it was resetting the passwords of its 50 million users because hackers managed to breach its computer network and access some usernames, email addresses and encrypted passwords. Evernote spokeswoman Ronda Scott said via email on Saturday that the attack “follows a similar pattern” to other cyberattacks on Internet-based companies in recent weeks, but she did not elaborate. “In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost,” the company said on its website. “We also have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed.” Scott declined to say how many accounts had been exposed or whether it might be possible for the hackers to unscramble encrypted passwords. A series of technology companies including Facebook Inc., Apple Inc., Microsoft Corp. and Twitter have recently disclosed cyberattacks. In the majority of those cases, the companies said the unknown hackers exploited a bug in Java software and that no user information was compromised. Twitter is the only major Internet company that has recently reported that its user information was exposed to hackers. On Feb. 1, Twitter reset passwords for some 250,000 accounts whose encrypted passwords may have been accessed.
Scott said Evernote believed that the hackers did not exploit a bug in Java when they broke into the company’s system. Evernote is a privately held company whose major investors include Meritech Capital, CBC Capital, Sequoia Capital, Morgenthaler Ventures, and DOCOMO Capital.