Evernote tells some users to change their passwords. (Psst! It’s Adobe’s fault…)


EvernoteJust like Facebook before it, Evernote has been scouring the list of millions of email addresses and passwords exposed by the recent mega-breach at Adobe.

And, if Evernote finds an email address in Adobe’s breached database that matches that belonging to an Evernote user, they are sending them a message telling them to have a long, hard think about whether it might be wise to change their Evernote password as well.

Here’s an example of the message being sent to Evernote users, whose details were found in Adobe’s leaked database:

Evernote security advisory

There were published reports recently of a security breach at Adobe that may have exposed private information, including Adobe passwords, email addresses and passwords hints of millions of users. The list of compromised Adobe accounts has been uploaded to the web. We compared this list to our user email addresses and found that the email address you used to register for an Evernote account is on the list of exposed Adobe accounts.

Evernote has not been compromised and is not connected to this incident, but if you used the same password for Adobe and Evernote, then you should change your Evernote password now.

I think this is good, sensible, proactive advice from Evernote, and I’m pleased to see them tackle the ongoing issue of internet surfers using the same password in multiple places.

After all, it’s not Evernote’s fault that Adobe got hacked, and wasn’t holding customer data securely. And yet - potentially - if users have the same password for both Adobe and Evernote (and a lot of people seem to use monumentally dumb passwords like ‘123456’ and ‘password’ for everything) then their Evernote account could also get hacked.

What’s refreshing is that Evernote isn’t beating around the bush - and is quite happy to say that it was Adobe that got hacked.

And I like even more that Evernote is reminding users about its two factor authentication option, that can provide an even higher level of account security.

But before you think that I’m a love-struck Evernote fan, who believes that the online note-taking service can do no wrong security wise, let’s all remind ourselves that it was the victim of a serious hack earlier this year, forcing it to reset 50 million passwords…

Tags: , , , ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, , , ,

No comments yet.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.