US-based online storage firm Evernote has implemented a service-wide password reset after its computer systems were breached by hackers.
The company said its security team had discovered and blocked suspicious activity on the Evernote network that appeared to be a coordinated attempt to access secure areas of the Evernote service.
Evernote said its investigation revealed that hackers had gained access to user information, including user names, email addresses and encrypted passwords.
The company said that while its password encryption measures were robust, it was implementing a password reset as a precautionary measure.
However, it said there was "no evidence" that payment information or stored content had been accessed, changed or lost.
“As recent events with other large services have demonstrated, this type of activity is becoming more common,” Evernote said in a statement.
The company said while it was constantly enhancing the security of its service infrastructure, there were several important steps that users could take to ensure their data is secure on any site.
These measures include:
- Avoid using simple passwords based on dictionary words;
- Never use the same password on multiple sites or services;
- Never click on "reset password" requests in emails – instead go directly to the service.
Hack attacks becoming increasingly common
In early February, Twitter was forced to reset the passwords of 250,000 accounts after detecting and shutting down a hacker attack.
Twitter's information security director Bob Lord said investigations revealed that the attackers may have accessed user names, email addresses, session tokens and encrypted/salted versions of passwords.
“As a precautionary security measure, we have reset passwords and revoked session tokens for these accounts,” he wrote in a blog post.
In January, Facebook admitted to a security breach after employees visited a mobile developer site that was compromised. The website hosted an exploit, which then allowed malware to be installed on these employees' laptops, according to a blog post.
Facebook has claimed that no user data was compromised in this attack, but security experts say this is difficult to guarantee.
In February, Apple announced its computer systems had been breached by the same attackers that targeted Facebook. However, the company said only a few computers were affected and there was no evidence of data theft.
In late February, Microsoft claimed that its breach was from “malicious software using techniques similar to those documented by other organisations”.
“We have no evidence of customer data being affected and our investigation is ongoing,” said Matt Thomlinson of Trustworthy Computing Security, in a Microsoft blog post.
The blog post also stressed that other companies must be prepared to deal with similar attacks in the future.