Evernote tells some users to change their passwords. (Psst! It’s Adobe’s fault…)

Graham Cluley
Graham Cluley
@[email protected]

EvernoteJust like Facebook before it, Evernote has been scouring the list of millions of email addresses and passwords exposed by the recent mega-breach at Adobe.

And, if Evernote finds an email address in Adobe’s breached database that matches that belonging to an Evernote user, they are sending them a message telling them to have a long, hard think about whether it might be wise to change their Evernote password as well.

Here’s an example of the message being sent to Evernote users, whose details were found in Adobe’s leaked database:

Evernote security advisory

There were published reports recently of a security breach at Adobe that may have exposed private information, including Adobe passwords, email addresses and passwords hints of millions of users. The list of compromised Adobe accounts has been uploaded to the web. We compared this list to our user email addresses and found that the email address you used to register for an Evernote account is on the list of exposed Adobe accounts.

Evernote has not been compromised and is not connected to this incident, but if you used the same password for Adobe and Evernote, then you should change your Evernote password now.

I think this is good, sensible, proactive advice from Evernote, and I’m pleased to see them tackle the ongoing issue of internet surfers using the same password in multiple places.

After all, it’s not Evernote’s fault that Adobe got hacked, and wasn’t holding customer data securely. And yet – potentially – if users have the same password for both Adobe and Evernote (and a lot of people seem to use monumentally dumb passwords like ‘123456’ and ‘password’ for everything) then their Evernote account could also get hacked.

What’s refreshing is that Evernote isn’t beating around the bush – and is quite happy to say that it was Adobe that got hacked.

And I like even more that Evernote is reminding users about its two factor authentication option, that can provide an even higher level of account security.

Sign up to our free newsletter.
Security news, advice, and tips.

But before you think that I’m a love-struck Evernote fan, who believes that the online note-taking service can do no wrong security wise, let’s all remind ourselves that it was the victim of a serious hack earlier this year, forcing it to reset 50 million passwords…

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.