Evernote, the online information storage provider, is the latest in a raft of companies whose cloud-based services to have been hacked. The California-based company has urged users – thought to number 50 million worldwide – to reset their passwords as a matter of urgency.
The user information accessed illegally included passwords, user IDs and email addresses. Evernote has said that the passwords were salted hashes, a means of password encryption.
Evernote users are advised to reset their passwords in the case that attackers are able to recover passwords from the salted hashed list. The reset will apply not only to Evernote logins, but to all apps that users have given access to their Evernote accounts.
Announcing the security breach, Evernote said that it “appears to have been a coordinated attempt to access secure areas of the Evernote Service”. It apologises for the "annoyance" caused by the breach, which it said is becoming "far more common" at other "large services". Other household name tech companies to have been attacked in recent weeks include Twitter, Facebook, Microsoft and Apple. A recurring zero-day vulnerability in programming language Java is behind most of the issues, but at this point it is not clear whether the latest hack has been enabled by the same weakness.