And, if Evernote finds an email address in Adobe’s breached database that matches that belonging to an Evernote user, they are sending them a message telling them to have a long, hard think about whether it might be wise to change their Evernote password as well.
Here’s an example of the message being sent to Evernote users, whose details were found in Adobe’s leaked database:
There were published reports recently of a security breach at Adobe that may have exposed private information, including Adobe passwords, email addresses and passwords hints of millions of users. The list of compromised Adobe accounts has been uploaded to the web. We compared this list to our user email addresses and found that the email address you used to register for an Evernote account is on the list of exposed Adobe accounts.
Evernote has not been compromised and is not connected to this incident, but if you used the same password for Adobe and Evernote, then you should change your Evernote password now.
I think this is good, sensible, proactive advice from Evernote, and I’m pleased to see them tackle the ongoing issue of internet surfers using the same password in multiple places.
After all, it’s not Evernote’s fault that Adobe got hacked, and wasn’t holding customer data securely. And yet – potentially – if users have the same password for both Adobe and Evernote (and a lot of people seem to use monumentally dumb passwords like ‘123456’ and ‘password’ for everything) then their Evernote account could also get hacked.
What’s refreshing is that Evernote isn’t beating around the bush – and is quite happy to say that it was Adobe that got hacked.
And I like even more that Evernote is reminding users about its two factor authentication option, that can provide an even higher level of account security.
But before you think that I’m a love-struck Evernote fan, who believes that the online note-taking service can do no wrong security wise, let’s all remind ourselves that it was the victim of a serious hack earlier this year, forcing it to reset 50 million passwords…
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.