Evernote Security Compromised

starburst writes "Another online company has had its security compromised. Today Evernote posted on their blog that they're issuing a service-wide password reset because of suspicious activity on their network. They say an unknown intruder gained access to usernames, email address, and encrypted passwords. Even though the passwords were hashed and salted, they're doing the password reset as a precautionary measure. Nevertheless, it's a good reminder to keep a close eye on who you keep your data with in the cloud. Nothing is totally secure; it's always a compromise between security and convenience."

Shocking...

[ohzero]

One more trendy company that didn't have a security program gets compromised. It's almost as if ignoring the problem doesn't make it go away. Pentest, code review, remediate, and test some more. Or, you know, lose brand value...that's the other option.

Re:Shocking...

[Mr Thinly Sliced]

As entertaining as a finger pointing "these guys don't know what they're doing" exercise can be, with the best will in the world you're always just one mistake away from letting the bad guys in.

It sounds like they have a pretty good system in place (salted hashes, intrusion detection mechanisms and notification) and they aren't being coy about a problem.

At the very least their internal security team now gets a nice big stick to beat management with to stopping cutting certain corners.