Admiral Online
+1.818-381-5500  -8 GMT
  • Company
    • About >
      • Careers
      • Credits
      • Disclaimer
      • Investors
      • Social Responsibility
    • Labs
    • Partners
    • Resellers
    • Contacts
  • Services
    • Connectivity >
      • POPs
    • Content Management >
      • Estimator
      • Color Organizer
      • Image Library
      • Photo Library
    • Domain Registration >
      • Blockchain Domains
      • DomainSupplier ™
      • Domain Search
      • Create Account
      • Domain Admin Portal
      • Domain Rank Finder
    • Server Hosting >
      • WebsiteEditor
      • Hosting API
      • Virtual Private Server
      • Virtual Private Desktop
    • SEO Engineering >
      • Add URL
      • Word Counter
      • Relationships between Search Engines
      • SEO Reference Chart
      • Link Scanners
      • Link Share
    • Merchant Account Issuer
    • Telephony >
      • DictoMail
      • Telafon VoIP
  • Travel
    • Travel FAQ
  • Support
    • Tools >
      • Site Malware Scanners
      • Browser Environment
      • Display Resolution Tool
      • Credit Card Validator
      • Password Tester
      • Encryption Tools
    • Make Payment >
      • PayPal
      • Manually
    • Network Status >
      • Speed Test
    • News >
      • Breach News
      • Security News
      • Spyware News
      • New Apps - Tricks
      • Virus News
    • Blog
  • Login
    • Create New Account >
      • Add DNS Account
      • Add Hosting Basic
      • Add WebsiteEditor ™
    • Manage Your Account >
      • User Login
      • DNS Login
      • Reseller Login
    • Password Tester

Evernote Cloud Service Hacked

3/5/2013

0 Comments

 
Unknown attackers gained access to user data and encrypted password files, prompting the online storage service to alert its subscribers of the breach. Online storage service Evernote warned 50 million users on March 2 that unknown attackers had compromised its system and gained access to the information on more than 50 million users, including encrypted password files. Evernote reportedly uses MD-5, a cryptographic hash function that has been known for years to be vulnerable.

Evernote moved to assure customers that their data and payment information remained safe, but conducted a password reset for all 50 million users across its services. The breach, which apparently happened in late February, allowed the attackers to access user names and email addresses of Evernote users, the company stated. The criminals also accessed the encrypted password file, the company said in a post on its Website. "Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (In technical terms, they are hashed and salted.)" the company stated on the site. "While our password encryption measures are robust, we are taking additional steps to ensure that your personal data remains secure." To store secure passwords, the data is typically hashed, or scrambled using a one-way encryption function. Strong hashing uses "salt," which is a random number that prevents attackers from easily using a variety of attacks.

Cloud service companies, which collect information on a massive number of users, have become targets for hackers and cyber-criminals. In June 2012, business networking service LinkedIn acknowledged that the hashed, but not salted, passwords for nearly 6.5 million users had been stolen. The company became the target of a class-action lawsuit later that month. So far, neither the Evernote password file nor decrypted passwords appear to have been posted online, said Steve Thomas, co-founder of PwnedList, which tracks accounts information that has publicly been posted.Evernote claims that it had used a unique seed, or salt, for the password hashing, to make recovering the passwords much more difficult for the attackers, assuming that they did not get access to the salts along with the passwords, Thomas said. "The concern is where the salt was kept, and if the hackers got access to the salt," he said. "If the salt was also stolen, or there was a unique salt for each password, but the salt was also in the database, then we would expect with a little bit of effort, a large number of the hashes can be reversed."

If some fraction of the password file can be decrypted, it still represents a danger for users, even after they have changed their passwords on Evernote's system, because a large percentage of individuals—between 50 percent and 80 percent, according to studies of previous breaches—reuse their passwords. "Individuals should also be concerned about any other services where they used the same password as the one that was stolen," Thomas said. "Individuals should always assume that a password is vulnerable, regardless of if it was hashed and salted, as soon as it is in the hands of a hacker."

Evernote represents a treasure trove of user information. In June, Evernote announced it had 34 million users. That number expanded to 45 million in December and 50 million as of February.
0 Comments



Leave a Reply.

    RSS Feed

    (Alternate Feed)

    addtomyyahoo4Subscribe in NewsGator Online
    Subscribe with BloglinesAdd to netvibes
    Add to Google

    ...with other readers:

    Archives

    March 2014
    May 2013
    March 2013
    February 2013

    Categories

    All
    Browsers
    Domains
    Security
    Seo
    Surveillance

Call Admiral Online
Admiral Online Icon
Email Admiral Online
IP: ... in ...
© 1994-2021 Admiral Online
All Rights Reserved


Company
About
Labs
Partners
Resellers
Contacts
Services
Connectivity
Content Management
Domain Registration
Server Hosting
SEO Engineering
Merchant Account Issuer
Telephony
Support
Tools
Network Status
News
Blog
Login
User Login
DNS Login
Reseller Login