The popular online note-taking service Evernote says it began to suffer a denial-of-service attack on Tuesday which prevented users from accessing their accounts.
The first that most of the firm’s 100 million users knew about the problem was when they saw Evernote fail to sync on their desktops or smartphones, preventing them from accessing the notes and web-clippings they had collected over the years.
With the service inaccessible, many Evernote users realised just how dependent they were on the cloud-based service, and took to Twitter to express their disgruntlement.
A quick trip to Evernote’s status page (if you could reach it) revealed that the company was struggling to repel a denial-of-service attack.
Jun 10, 2014 (6:17 pm PT)
[=>] An update on the service disruption
We’re actively working to neutralize a denial of service attack. You may experience problems accessing your Evernote while we resolve this.
Jun 10, 2014 (2:43 pm PT)
[!] Evernote service accessibility issues
The Evernote.com service is currently unreachable; our Operations team is investigating the issue. We will provide updates as we learn more.
The latest update I have been able to find from Evernote appeared on their Twitter account (strangely they haven’t updated their network status page – maybe they’ve had trouble reaching it? ;) ) where they claim to have restored access for users, but that the service might continue to experience “a hiccup or two” for the next 24 hours or so.
Evernote is up and running. There may be a hiccup or two for the next 24 hours. We appreciate your patience.
— evernote (@evernote) June 11, 2014
A BBC News report quotes Evernote spokesperson Ronda Scott, who says that the denial-of-service attack began at 14:25 PST on Tuesday and had not yet ended.
“We continue to mitigate the effects of the attack, but have successfully returned Evernote to service. As is the nature of DDoS attacks, there was no data loss, and no accounts were compromised.”
Scott’s final comment there is important to stress. A denial-of-service attack does what it says on the tin: it stops you from being able to access a service or website.
It doesn’t mean that any of your data has been stolen, or that a website’s servers have been hacked.
Instead, an online criminal has managed to bombard a website or online service with so much traffic at such intensity that it becomes stressed, can’t handle the information overload and, effectively, falls over in a gibbering wreck.
Attackers can make a denial-of-service even more severe by harnessing hijacked computers around the world to join in the bombardment, in a so-called distributed denial-of-service attack (DDoS).
What is unclear is why Evernote was targeted. Frequently denial-of-service attacks might be instigated by hackers who have a grudge against a particular company or user of the company’s service, or with the intention of extorting payment for a return to normal service.
This isn’t, of course, the first time that Evernote has found itself the recipient of unwanted attention from internet criminals.
In March 2013, for instance, the company informed all of its users that they should change their passwords after its servers were compromised by hackers.
A denial-of-service attack is unwelcome news, and angers customers who can’t access their data. But it’s nothing like as bad as having your servers hacked and customer information stolen.
Were you hit by the Evernote denial-of-service attack? Leave a comment below sharing your thoughts and experiences.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.