After being hacked, Evernote, quite responsibly, has sent out emails to its users informing them of the security breach – and letting them know that it has decided to reset all passwords.
The email goes on to give some password advice – including a warning:
Never click on ‘reset password’ requests in emails – instead go directly to the service.
That’s a very sound piece of advice, because of the obvious threat – after millions of Evernote customers had their usernames and email addresses stolen – of phishing email attacks.
But take a closer look at the email that Evernote has sent out, with the subject line “Evernote Security Notice: Service-wide Password Reset”…
Read more in my article on the Naked Security website.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.