Evernote’s popularity in the note taking niche has skyrocketed lately as this cloud-based platform is able to fulfill a wide variety of organizing and note taking functions. Evernote is also viewed as superior to giant Google Docs in terms of picture and alternative media functions, although the latter still seems to do a better job when it comes to documents. However, a strange and disturbing announcement that came from the Evernote support team was received by the users.
To put it simply, they requested everyone who utilizes the application to modify their current password in order to ensure that no harm comes to the data stored on the Evernote accounts.
The Evernote support team says that…
…there is no actual way of telling at this point whether or not the personal information stored by the users has fallen into the hands of a malicious third party. They do however suggest that, following the investigation they conducted, the hackers were able to obtain the ENCRYPTED variant of the data. What does this mean exactly?
Well, first of all the passwords/usernames/e-mail addresses retrieved in the Evernote hacking attempt are not the only piece of the puzzle necessary to steal your personal information. In other words, the hackers managed to obtain the code, but in order to access any of the “good stuff” they still need to bypass the one-way encryption that, according to Evernote representatives, is not possible.
The one-way encryption system used by Evernote
One-way protection is a technique frequently utilized in cryptology and, in this particular case, it serves as an additional means of data protection. The technical terms for this encryption are “hash” and “salt”. Without overcomplicating the issue, let’s just say that the “salt” is a randomly generated set of data that is added to the passwords in the rehashing process, outputting a concatenated version that cannot be decrypted if the hacker does not possess the salt generating mechanism. And, as Evernote says, they don’t. The same applies for virtually every detail you stored on the network and that was retrieved in the “strike”. Then what is this all about, why do they want us to change their password?
Evernote is an overprotective mother
The request to alter the current password to your Evernote account is quote, “an abundance of caution” on their part. Their support team is fairly confident that the encryption system utilized is robust enough to withstand the attacks of the cleverest hackers, but as a precautionary method you should definitely heed their advice. Wait, it’s not exactly advice, as the password change becomes mandatory once you log into your Evernote application. But don’t worry, as in attempt to maintain their users’ trust and perhaps as a “sorry for letting hackers steal your info”, they have implemented updates to several apps that accelerate, simplify and smoothen the password changing process.
The network hacking trend
Attacks on the networks of online storage servers are becoming increasingly popular lately, as even the best guarded financial institutions and giants like Apple have experienced their fair share. The truth is that no matter how safe a server is, there is always some way around the security and in through the back door. The true test is whether the data retrieved in this manner will become immediately accessible to the hackers or not, a test that Evernote passed brilliantly. But what do these third parties hope to accomplish by breaching the Evernote security?
Certain users argued that the attack was aimed to steal usernames that would later on be sold to spam lists, but in reality that would be like robbing the National Treasury for a new carpet. There are much better and less guarded sources for emails and usernames. Basically, any increase in the spam you might experience lately is likely purely coincidental.
A more likely theory about the intention of the hackers would be that they were trying to acquire the personal/financial information that users might have stored on Evernote in order to commit identity thefts or frauds. They probably didn’t count on the encryption method though, as no reports of users experiencing these problems have been registered to date. Bottom line, nobody can predict with absolute certainty what will become of the stolen data, so it’s better to take Evernote’s “suggestion” and reset your pass code.