Evernote tells some users to change their passwords. (Psst! It’s Adobe’s fault…)

Graham Cluley

EvernoteJust like Facebook before it, Evernote has been scouring the list of millions of email addresses and passwords exposed by the recent mega-breach at Adobe.

And, if Evernote finds an email address in Adobe’s breached database that matches that belonging to an Evernote user, they are sending them a message telling them to have a long, hard think about whether it might be wise to change their Evernote password as well.

Here’s an example of the message being sent to Evernote users, whose details were found in Adobe’s leaked database:

Evernote security advisory

There were published reports recently of a security breach at Adobe that may have exposed private information, including Adobe passwords, email addresses and passwords hints of millions of users. The list of compromised Adobe accounts has been uploaded to the web. We compared this list to our user email addresses and found that the email address you used to register for an Evernote account is on the list of exposed Adobe accounts.

Evernote has not been compromised and is not connected to this incident, but if you used the same password for Adobe and Evernote, then you should change your Evernote password now.

I think this is good, sensible, proactive advice from Evernote, and I’m pleased to see them tackle the ongoing issue of internet surfers using the same password in multiple places.

After all, it’s not Evernote’s fault that Adobe got hacked, and wasn’t holding customer data securely. And yet – potentially – if users have the same password for both Adobe and Evernote (and a lot of people seem to use monumentally dumb passwords like ‘123456’ and ‘password’ for everything) then their Evernote account could also get hacked.

What’s refreshing is that Evernote isn’t beating around the bush – and is quite happy to say that it was Adobe that got hacked.

And I like even more that Evernote is reminding users about its two factor authentication option, that can provide an even higher level of account security.

But before you think that I’m a love-struck Evernote fan, who believes that the online note-taking service can do no wrong security wise, let’s all remind ourselves that it was the victim of a serious hack earlier this year, forcing it to reset 50 million passwords…

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET UPDATES