Privately held, venture capital-backed Evernote, which sells apps that help computer users organize their "notes, Web clips, files, and images" all in one place, has just discovered the downside of holding a lot of useful information in one place: It attracts thieves like bears to honey.
Recent weeks have featured news reports of high-tech hack attacks at high-profile targets Apple (NASDAQ: AAPL ) and Facebook (NASDAQ: FB ) . Now, on Saturday, the popular website Evernote announced on its blog that it has "discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service." According to the company, an investigation into the hacking incident revealed no evidence that user content "was accessed, changed, or lost." "We also have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed," the company said.
However, Evernote did confirm that the hackers were able to access usernames, email addresses, and passwords. News reports suggest as many as 50 million accounts may have been compromised in this manner. If correct, this could make the Evernote hack as much as 20 times worse than the 250,000-account-large attack on Twitter last month.
Although Evernote encrypts user passwords, codes can be broken. As a precaution, therefore, Evernote is requiring users to reset their passwords.