Evernote Hacked And Is Requiring All Users To Reset Their Passwords; Incident Offers Advisors A Poignant Lesson About Security And Encryption

Sunday, March 03, 2013 17:18

Tags: data security breach | privacy; security

Evernote, a popular mobile app, says it was hacked and is requiring all users to reset their passwords as a precautionary measure.



 

"We have found no evidence that any of the content you store in Evernote was accessed, changed or lost," the company says in a blog post. "We also have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed. The investigation has shown, however, that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords."

 

Evernote says it encrypts passwords. So even though its system was breached, hackers should not be able to see the passwords associated with a particular user. 

 

However, based on Evernote's blog post today and others in the past, content stored by Evernote is not encrypted. So the hackers would indeed have been able to see the content associated with a user's accounts.

 

This is the same issue, by the way, that led to my criticism of a popular tech writer's assessment several years ago of a file sharing service. I took the writer to task for saying that a free file sharing service had "very impressive" security, when the app was, in fact, not encrypting content stored on its servers. (For the record, the writer, Joel Bruckenstein, is very knowledgeable about advisor technology, and despite reports to the contrary, we like and respect each other. I just could not let that mistake pass because security is way too important an issue.)

 

Hopefully advisors are not posting personally identifiable information about clients on Evernote. If you are storing PII about clients on Evernote, you likely are legally obliged to disclose to clients that their data may have been breached.

 

 
