
Evernote hacked - tlogan
http://blog.evernote.com/blog/2013/03/02/security-notice-service-wide-password-reset/
======
Ensorceled
I'm kind of annoyed they didn't send an email, just flagged my password. So I
couldn't use the iphone/mac apps and had to login via the web interface to
reset. Which I didn't know because they didn't send an email, just got an
invalid password error.

Their lack of encryption and lack of 2 factor auth just became a much bigger
issue for me...

~~~
rdl
Seriously, who doesn't do 2fa for something like this in 2013? Or 2012, or
even 2011?

~~~
kmfrk
Apple, Microsoft, Yahoo (at least non-US), etc. ...

I'm not sure if there are any bookmark services that actually support this,
though it'd be a decent selling point.

It was a big deal, when Google finally assed themselves to implement it for
Gmail, but companies have been embarrassingly slow in following their example.
_Especially_ when they provide e-mail services.

Twitter hired TFA specialists a few months back, but they are taking their
sweet time about implementing the system. I've wondered for a long time why
social networks aren't on top of implementing this.

It's the SSL discussion all over again.

~~~
rdl
Google Chrome does bookmark sync using user-provided passphrase, so I'd
consider that bookmark service with client side crypto and 2fa.

Crappy consumer services not supporting 2fa is somewhat understandable. No one
uses Apple or Yahoo web services for business. People do seem to use Evernote
in business contexts. Google Apps for your Domain is a fairly legitimate
business option, as is Google Docs.

~~~
kmfrk
Right, forgot Chrome. I only thought of Opera, when it comes to browser-backed
bookmark sync - at least on paper, since it doesn't work at all for me.

------
rdl
I've never really understood the security model for Evernote. It's "an
exocortex" -- your personal notes, which are likely to be more security
sensitive than general documents, email, etc. And yet they have even less
security than Dropbox, themselves not exactly an exemplar of robust security.

They've got competent people operating the service; it's just not well
designed for security.

~~~
MartinMond
Yeah, Evernote really should have been zero-knowledge end-to-end encrypted.

Recently <https://crypton.io/> was released and my hope is that lots of new
SaaS offerings will use it and that this will in the end force even the big
names (Dropbox, 37signals, etc) to adopt real security.

~~~
brisance
I'm not a technical person, but how would they be able to search and index the
items if everything is encrypted?

~~~
MartinMond
They wouldn't be able to do this on the server side. However their native iOS,
Mac, Windows clients could just create&update the search index locally and
sync the encrypted version. With HTML5 localStorage this also works in Web
Apps.

Of course there's a tradeoff, but for me that's easily worth it.

~~~
derefr
The "tradeoff" seems to be "make the server into a dumb store for encrypted
data." At which point, you don't have Evernote (an API for fuzzy-matching
clippings punted into it from various devices), you have Evernote (a set of
fat client programs each of which must maintain an entire copy of the dataset
--notably, _stored necessarily alongside its own decryption key on the client
side, increasing attack surface_ --and do manual synchronization) plus a POSS
(Plain Old Storage Service, like S3.) The resultant workflow sounds like it
would have more in common with several people trying to edit the same Word
document over SMB, than with making web requests.

[EDIT: clarity about client-side encryption]

~~~
MartinMond

      The "tradeoff" seems to be "make the server into a 
      dumb store for encrypted data." At which point, you
      don't have Evernote (an API for fuzzy-matching
      clippings punted into it from various devices),
      you have Evernote (a set of fat client programs)
      plus a POSS (Plain Old Storage Service, like S3.)
      In fact, the workflow sounds like it would have more
      in common with editing a Word document over SMB than
      with making web requests.
    

Not at all. Fuzzy-matching can be done client side just as well as server-
side. The constraints are a bit different, but not too much (E.g. on the
server-side: Make it scale --> conserve CPU, on the (mobile) client-side: Make
it fast --> conserve CPU)

Otherwise, yeah most Web Apps are nothing more than editing stuff over the
network and visualizing it differently.

The #1 competitor of a SaaS isn't some other SaaS but rather Word/Excel:
[http://www.startupcfo.ca/2011/05/the-1-competitor-for-saas-v...](http://www.startupcfo.ca/2011/05/the-1-competitor-for-saas-vendors/)

Edit: Also there's no reason to believe the client-side store wouldn't be
encrypted. That'd be exceedingly stupid.

~~~
derefr
I don't think you got quite what I'm trying to say--the whole point of
Evernote is that all your data is "there", and the collated index for finding
this or that is "there", and so any individual piece of data doesn't need to
be on this device or that device. When you insert a new piece of data, all you
need is that piece of data. You send it off to Evernote, and they stick it
into your database. Then, later--still without any local state--you search the
server to find out if anything you've sent in matches some arbitrarily-complex
query--and if there are results, _then_ you temporarily download [the newest
version of] them from the server. The collation itself--not the storage, not
the UX, but the ability to immediately put something into device X and then
find it using device Y--is what you're paying them for.

Without that, what you have is a OneNote notebook stored in your Dropbox.

> Edit: Also there's no reason to believe the client-side store wouldn't be
> encrypted. That'd be exceedingly stupid.

It's encrypted with a key that's stored _on_ the client, which is the same as
the server being encrypted with a key stored on the server: effectively about
as secure as DRM (i.e. not.)

To put it another way: presuming you have a motive to gain access to _just my
data_ --with this hypothetical service, if you steal my phone, you have my
data, _and_ the key to decrypt it. Or if you steal my laptop, or my desktop,
or any other device the service is synced to. Or if you hack into them. All
you need after that is the passphrase I (hopefully) set to unlock my
encryption key--and for a single target, social engineering (or lead-pipe
cryptanalysis) can get that right quick.

Meanwhile, there is only one thing people can do to steal my Evernote data:
hack into _Evernote's_ servers. If you just want _my_ data, that's a whole lot
more effort than it's worth, compared to just palming my phone.

[Now, if you want a _bunch of random people's data_ , this is where using
passphrase-locked + per-account-salted encryption-keys server-side is actually
relevant to security. If it takes O(N) time to crack N accounts, there's much
less incentive to do it than if it's O(1).]

~~~
moe
Nonsense.

If your imaginary attacker can social engineer your local encryption password
out of you, he can just as well engineer your Evernote password out of you.
There is no difference.

The real issue is that today someone who hacks the Evernote servers will gain
access to _all_ users notes. With end-to-end encryption they'd have to target
each user individually.

------
melvinmt
That's why I don't use any fancy services for my notes, which usually contain
sensitive data. I simply use Notational Velocity, which encrypts my notes and
stores them locally. It does provide a synchronization option with SimpleNote,
but they can't even be bothered with using SSL.

~~~
bocmaxima
Amen to that. I stopped using evernote a while ago because of this and once I
started using NV I never looked back. Clearly they don't take security
seriously enough, which is a shame for those who don't know any better.

~~~
markshead
NV?

~~~
dchest
Notational Velocity :)

------
ams6110
_we have found no evidence_ == "we really don't know"

Sorry, I'm sure the Evernote tech team is competent, but clearly some
marketing spin has been put on this announcement.

~~~
moe
_Sorry, I'm sure the Evernote tech team is competent_

What exactly leads you to this assumption?

They designed a service that stores sensitive user-data in an _obviously_
insecure fashion (no end-to-end encryption).

If that's not incompetence then the only other explanation would be criminal
negligence?

------
makeramen
I managed to reset my password to the same that it was before. I changed it
again right away of course, but there should definitely be some protection
against that.

(FWIW I didn't get the email so I was simply locked out and used their "forget
password" form instead of trying to log in, which may have a different reset
process).
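
The reuse problem described above, as an added example that is not Evernote's code and not from this thread: a Python sketch of a forced-reset flow that refuses the compromised password on both the logged-in change path and the emailed-token "forgot password" path, because the old digest is still on the record and can be checked against. PBKDF2 with an assumed 200,000 iterations, the one-hour token lifetime and the field names are all assumptions.

```python
import hashlib
import hmac
import os
import secrets
import time
from dataclasses import dataclass
from typing import Optional

ITERATIONS = 200_000  # assumed PBKDF2 work factor, not the service's real one


@dataclass
class Account:
    username: str
    salt: bytes
    digest: bytes
    must_reset: bool = False              # flipped for every account after an incident
    reset_token_digest: Optional[bytes] = None
    reset_token_expires: float = 0.0


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def create_account(username: str, password: str) -> Account:
    salt = os.urandom(16)
    return Account(username, salt, _derive(password, salt))


def verify(account: Account, password: str) -> bool:
    """Constant-time comparison against the stored digest."""
    return hmac.compare_digest(account.digest, _derive(password, account.salt))


def login(account: Account, password: str) -> str:
    """'denied', 'reset_required' (the old password only unlocks the
    change-password screen, as users in this thread observed) or 'ok'."""
    if not verify(account, password):
        return "denied"
    return "reset_required" if account.must_reset else "ok"


def _set_password(account: Account, new_password: str) -> str:
    # The old digest is still on the record, so reuse is detectable without
    # keeping the old password in any recoverable form.
    if verify(account, new_password):
        return "rejected: same as compromised password"
    account.salt = os.urandom(16)          # fresh salt on every change
    account.digest = _derive(new_password, account.salt)
    account.must_reset = False
    return "changed"


def change_password(account: Account, old_password: str, new_password: str) -> str:
    """Logged-in path: proves knowledge of the current password first."""
    if not verify(account, old_password):
        return "denied"
    return _set_password(account, new_password)


def issue_reset_token(account: Account, ttl_seconds: int = 3600) -> str:
    """Returns the token to email the user; only its hash is kept server-side."""
    token = secrets.token_urlsafe(32)
    account.reset_token_digest = hashlib.sha256(token.encode()).digest()
    account.reset_token_expires = time.time() + ttl_seconds
    return token


def reset_with_token(account: Account, token: str, new_password: str) -> str:
    """'Forgot password' path: the token stands in for the old password,
    but the reuse check in _set_password still applies."""
    if account.reset_token_digest is None or time.time() > account.reset_token_expires:
        return "denied"
    presented = hashlib.sha256(token.encode()).digest()
    if not hmac.compare_digest(account.reset_token_digest, presented):
        return "denied"
    result = _set_password(account, new_password)
    if result == "changed":                # token is single use once it succeeds
        account.reset_token_digest = None
        account.reset_token_expires = 0.0
    return result
```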

~~~
mhartl
This morning I tried to use the same password and it wouldn't let me, so maybe
they fixed this issue.

------
kmfrk
Service currently unavailable. Here is their latest tweet:

    Important: Evernote just implemented a service-wide
    password reset. Please read our post for details and
    instructions

Said post is unavailable by the look of it.

Can someone post a paste of the blog post in here?

~~~
lucb1e
They aren't down (anymore), but in case you are still unable to read it:

-----

Evernote's Operations & Security team has discovered and blocked suspicious
activity on the Evernote network that appears to have been a coordinated
attempt to access secure areas of the Evernote Service.

As a precaution to protect your data, we have decided to implement a password
reset. Please read below for details and instructions.

In our security investigation, we have found no evidence that any of the
content you store in Evernote was accessed, changed or lost. We also have no
evidence that any payment information for Evernote Premium or Evernote
Business customers was accessed.

The investigation has shown, however, that the individual(s) responsible were
able to gain access to Evernote user information, which includes usernames,
email addresses associated with Evernote accounts and encrypted passwords.
Even though this information was accessed, the passwords stored by Evernote
are protected by one-way encryption. (In technical terms, they are hashed and
salted.)

While our password encryption measures are robust, we are taking additional
steps to ensure that your personal data remains secure. This means that, in an
abundance of caution, we are requiring all users to reset their Evernote
account passwords. Please create a new password by signing into your account
on evernote.com.

After signing in, you will be prompted to enter your new password. Once you
have reset your password on evernote.com, you will need to enter this new
password in other Evernote apps that you use. We are also releasing updates to
several of our apps to make the password change process easier, so please
check for updates over the next several hours.

As recent events with other large services have demonstrated, this type of
activity is becoming more common. We take our responsibility to keep your data
safe very seriously, and we're constantly enhancing the security of our
service infrastructure to protect Evernote and your content.

There are also several important steps that you can take to ensure that your
data on any site, including Evernote, is secure:

- Avoid using simple passwords based on dictionary words
- Never use the same password on multiple sites or services
- Never click on 'reset password' requests in emails — instead go directly to
  the service

Thank you for taking the time to read this. We apologize for the annoyance of
having to change your password, but, ultimately, we believe this simple step
will result in a more secure Evernote experience. If you have any questions,
please do not hesitate to contact Evernote Support.

The Evernote team

------
jerrya
I find evernote tremendously helpful and I pay the $5 per month for a premium
service. REGARDLESS, a google of
[https://www.google.com/search?q=evernote+two+step+authentica...](https://www.google.com/search?q=evernote+two+step+authentication)
says little good about how Evernote respects me or their many many other
customers who have repeatedly asked for two factor authentication.

------
moe
Let me be the first to say: HA-HA! </nelson>

Over the past few years I've told everyone to refrain from using Evernote. I
told them that Evernote doesn't use end-to-end encryption and that eventually
_this_ would happen.

Hardly anyone would listen ("You're just paranoid", "I don't store anything
private in there anyway, except.. oh").

For once I take cruel pleasure in being "that guy". The general public needs
to learn this lesson.

------
seldo
I note that when Twitter released their breach notice on a Friday afternoon
there were comments accusing them of trying to "bury" the news:

<http://news.ycombinator.com/item?id=5154502>

While there are (so far) no such comments about Evernote releasing this stuff
on a Saturday morning. I think security breaches are just discovered at
inconvenient times.

------
mieubrisse
In the post, they say:

"The investigation has shown, however, that the individual(s) responsible were
able to gain access to Evernote user information, which includes usernames,
email addresses associated with Evernote accounts and encrypted passwords.
Even though this information was accessed, the passwords stored by Evernote
are protected by one-way encryption. (In technical terms, they are hashed and
salted.)

While our password encryption measures are robust, we are taking additional
steps to ensure that your personal data remains secure. This means that, in an
abundance of caution, we are requiring all users to reset their Evernote
account passwords. Please create a new password by signing into your account
on evernote.com."

What it _doesn't_ say is how the passwords were dumped in the first place, or
what they're going to do to ensure it doesn't happen again (outside of taking
"additional steps"). I understand that not all users of Evernote are
technical, but I'd like some peace of mind that a similar thing is less likely
to happen in the future.

------
UnoriginalGuy
The following blog post is also being sent to all Evernote users as an email
communication.

Evernote’s Operations & Security team has discovered and blocked suspicious
activity on the Evernote network that appears to have been a coordinated
attempt to access secure areas of the Evernote Service.

As a precaution to protect your data, we have decided to implement a password
reset. Please read below for details and instructions.

In our security investigation, we have found no evidence that any of the
content you store in Evernote was accessed, changed or lost. We also have no
evidence that any payment information for Evernote Premium or Evernote
Business customers was accessed.

The investigation has shown, however, that the individual(s) responsible were
able to gain access to Evernote user information, which includes usernames,
email addresses associated with Evernote accounts and encrypted passwords.
Even though this information was accessed, the passwords stored by Evernote
are protected by one-way encryption. (In technical terms, they are hashed and
salted.(<http://en.wikipedia.org/wiki/Salt_(cryptography)> ))

While our password encryption measures are robust, we are taking additional
steps to ensure that your personal data remains secure. This means that, in an
abundance of caution, we are requiring all users to reset their Evernote
account passwords. Please create a new password by signing into your account
on evernote.com(<https://www.evernote.com/Login.action>).

After signing in, you will be prompted to enter your new password. Once you
have reset your password on evernote.com, you will need to enter this new
password in other Evernote apps that you use. We are also releasing updates to
several of our apps to make the password change process easier, so please
check for updates over the next several hours.

As recent events with other large services have demonstrated, this type of
activity is becoming more common. We take our responsibility to keep your data
safe very seriously, and we’re constantly enhancing the security of our
service infrastructure to protect Evernote and your content.

There are also several important steps that you can take to ensure that your
data on any site, including Evernote, is secure:

- Avoid using simple passwords based on dictionary words
- Never use the same password on multiple sites or services
- Never click on ‘reset password’ requests in emails — instead go directly to
  the service

Thank you for taking the time to read this. We apologize for the annoyance of
having to change your password, but, ultimately, we believe this simple step
will result in a more secure Evernote experience. If you have any questions,
please do not hesitate to contact Evernote Support(<http://evernote.com/support>).

The Evernote team

~~~
jgrahamc
_Even though this information was accessed, the passwords stored by Evernote
are protected by one-way encryption. (In technical terms, they are hashed and
salted.(<http://en.wikipedia.org/wiki/Salt_(cryptography)> ))_

That's great. But to really reassure people they would do best to reveal the
algorithm. After all, DES-based password hashes are both 'hashed and salted'
but are easily broken with JtR.

~~~
NoPiece
Curious, if the attacker knows what the encryption algorithm is, does it help
them at all in breaking it? I.e., does it potentially delay breaking it by not
revealing it?

~~~
UnoriginalGuy
In theory, yes, in practice it is fairly obvious how something is hashed just
by eye. Different hash algorithms produce different output (lengths, starting
character, and spread).

So with some experience you can often tell (or guess and test) what something
is hashed with.

~~~
tobyjsullivan
I would say that's not really true. The output hash will look the same if I
apply a simple salted SHA-1 with a salt or if I apply 500 MD5's followed up
with 200 SHA-1's, each salted differently. I'm not a security expert, but I
think this is closer to best practice these days.

That said, revealing the exact algorithm would basically be throwing people
with weak passwords to the wolves while really only supplying the rest of us
with a false sense of security (because it will probably be cracked anyway).

We'd also be better off if they didn't announce the algorithm if the passwords
get leaked (like with LinkedIn).

~~~
gcr
For practice, see if you can't identify the hashing algorithm for the
following stored passwords:

    $6$AhHvI8ay$I0ED2wWVU9eheJKvCxzcbc/ZYRoN60q5XNHruYp8yFlQvEOjJ1WtIHUwjG6L4ZGntf3ei8osB7s2GYdkN01gx1
    dGhpcyBpcyBzdHVwaWQKCg==
    286755fad04869ca523320acce0dc6a4
    some_salt:ac01346ad1553221506dd091800a1974
    c8fed00eb2e87f1cee8e90ebbe870c190ac3848c
    6b3a55e0261b0304143f805a24924d0c1c44524821305f31d9277843b8a10f4e
    /5L0cR/wpFqSA

Note how they don't look the same, so it's quite easy for an attacker to tell
the difference.

Want to see how you did? Here's the answer key, in base64:

    MTogTW9kZXJuIGNyeXB0LCBsaWtlIHRoZSBraW5kIHlvdSdkIGZpbmQgaW4gL2V0Yy9zaGFkb3cK
    MjogSnVzdCBiYXNlNjRpbmcgdGhlIHJhdyBwYXNzd29yZCAoc3R1cGlkKQozOiBVbnNhbHRlZCBt
    ZDVzdW0KNDogbWQ1c3VtLCB3aXRoIHNhbHQgcHJlcGVuZGVkCjU6IFVuc2FsdGVkIHNoYTFzdW0K
    NjogVW5zYWx0ZWQgc2hhMjU2c3VtCjc6IE9sZCBVTklYIGNyeXB0KCk=
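
As an added example, not gcr's code and nothing from Evernote, here is the exercise above turned into a Python audit routine for a defender reviewing their own credential store: it labels each stored string by its visible format and attaches a verdict, so fast or unsalted schemes and encoded plaintext stand out. The regexes and verdicts are assumptions about how each scheme is commonly serialised, and a bare hex digest is labelled by appearance only, since an iteration count or a salt stored elsewhere is invisible, which is tobyjsullivan's point.

```python
import base64
import re
import string

# Patterns for the storage formats used in the exercise above; assumptions
# about common serialisations, not a statement about any real service.
MODULAR_CRYPT = re.compile(r"^\$(1|2[abxy]?|5|6)\$")         # $id$salt$hash
SALTED_HEX = re.compile(r"^([^:\s]+):([0-9a-f]{32,64})$")     # salt:hexdigest
HEX_DIGEST = re.compile(r"^[0-9a-f]{32,64}$")
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")                # 2-char salt + 11

DIGEST_NAME = {32: "md5", 40: "sha1", 64: "sha256"}
CRYPT_NAME = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt"}

# Only slow, salted, iterated schemes get a pass.
VERDICT = {
    "sha256crypt": "acceptable",
    "sha512crypt": "acceptable",
    "bcrypt": "acceptable",
    "md5crypt": "weak",
    "des crypt": "weak",
    "base64 plaintext": "catastrophic",
}


def _decodes_to_text(value: str) -> bool:
    """True if value is valid base64 whose decoded bytes are printable ASCII."""
    try:
        text = base64.b64decode(value, validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return False
    return bool(text) and all(ch in string.printable for ch in text)


def classify(stored: str) -> str:
    """Label a stored-password string by its visible format."""
    s = stored.strip()
    m = MODULAR_CRYPT.match(s)
    if m:
        return CRYPT_NAME.get(m.group(1), "bcrypt")
    m = SALTED_HEX.match(s)
    if m and len(m.group(2)) in DIGEST_NAME:
        return f"{DIGEST_NAME[len(m.group(2))]} + visible salt"
    if HEX_DIGEST.match(s) and len(s) in DIGEST_NAME:
        # May still be salted or iterated with parameters kept elsewhere;
        # by appearance alone it is a single unsalted digest.
        return f"{DIGEST_NAME[len(s)]} (no visible salt)"
    if DES_CRYPT.match(s):
        return "des crypt"
    if _decodes_to_text(s):
        return "base64 plaintext"
    return "unknown"


def verdict(label: str) -> str:
    """Fast digests (md5/sha1/sha256) are weak whether salted or not."""
    if label.startswith(("md5", "sha1", "sha256")) and "crypt" not in label:
        return "weak"
    return VERDICT.get(label, "review")


def audit(values):
    """Return (value, label, verdict) for each stored string."""
    return [(v, classify(v), verdict(classify(v))) for v in values]


# The seven strings from the exercise above.
SAMPLE = [
    "$6$AhHvI8ay$I0ED2wWVU9eheJKvCxzcbc/ZYRoN60q5XNHruYp8yFlQvEOjJ1WtIHUwjG6L4ZGntf3ei8osB7s2GYdkN01gx1",
    "dGhpcyBpcyBzdHVwaWQKCg==",
    "286755fad04869ca523320acce0dc6a4",
    "some_salt:ac01346ad1553221506dd091800a1974",
    "c8fed00eb2e87f1cee8e90ebbe870c190ac3848c",
    "6b3a55e0261b0304143f805a24924d0c1c44524821305f31d9277843b8a10f4e",
    "/5L0cR/wpFqSA",
]

if __name__ == "__main__":
    for value, label, level in audit(SAMPLE):
        print(f"{level:12} {label:24} {value[:24]}")
```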

------
bthomas
> we have found no evidence that any of the content you store in Evernote was
> accessed

This depends on how hard they looked - do people believe content wasn't
accessed?

Is it fair to ask them for a technical post about why they don't think content
was hacked? I'd love to know how they separate auth from content, and how they
ensure that a hacked auth node can't view notes

------
colinmegill
"Please create a new password by signing into your account on
evernote.com(<https://www.evernote.com/Login.action>). After signing in, you
will be prompted to enter your new password."

Why couldn't an attacker do that at this point?

------
eliot_sykes
Blog was down. Google cache of blog post:
[http://webcache.googleusercontent.com/search?q=cache:http://...](http://webcache.googleusercontent.com/search?q=cache:http://blog.evernote.com/blog/2013/03/02/security-notice-service-wide-password-reset/)

------
apapli
Frustrating, I thought they would have done security better than most given
the type of information stored here.

Does anyone know a decent password keeper? I have a list of logins/passwords
for my key sites in a word .doc file stored locally, but given I have a work
mac, home mac, tablet and iPhone it really is a pain to access the locally
stored file.

I thought about saving this file on google drive, but their 2-factor auth
doesn't seem to apply for drive (only gmail).

How do others do this - is there a way to store an encrypted file somewhere
online, then typing in a known password to unencrypt / open it when I need to
access it?

~~~
firloop
LastPass offers everything that you're mentioning, plus 2-factor auth that
integrates with the Google Authenticator app if you want. It's free if you use
it on desktop with browser extensions, but costs $1/month for mobile. I would
highly recommend checking it out.

www.lastpass.com

------
mourique
Whew, I was shocked when my evernote client asked me to enter my password
because I did not receive the e-mail. It seems like this was a precautious
step as nothing was 'really' hacked, or was it?

~~~
tlogan
Their blog is down now, but they did say that the attacker had access to
usernames and encrypted passwords but _nothing_ else.

~~~
JVIDEL
So the content within the accounts was safe then?

------
SonicSoul
I didn't get the email, and my original password still works, it just took me
directly to the change password screen.

I guess they're counting on compromised passwords not being used individually
to create new ones?

~~~
SonicSoul
According to the BBC: "It said user names, email addresses and encrypted
passwords were accessed"

So I guess since passwords were encrypted they weren't fully compromised and a
simple change should be enough.. at least that's what Evernote appears to
think.

<http://www.bbc.co.uk/news/technology-21644317>

------
tlrobinson
Any suggestions of migration paths to more security conscious alternatives?

I'd even be happy with an encrypted disk image on Dropbox if there's a good
way to OCR scanned docs, then be able to search them.

~~~
ncryptedcloud
(Disclosure, I work for nCrypted Cloud)

Since you ask and since you appear to be a Dropbox user looking for more
security, check out www.ncryptedcloud.com. It is a Privacy, Security and
Collaboration app that layers on top of dropbox (Skydrive and Googledrive
soon).

------
marcuspovey
Good they're being proactive here, but two things:

1) I'm sick of going through this password reset crap every month or so.
Please let's get rid of passwords.

2) Could Evernote please look at some sort of oauth based signin for mobile
devices? I have to enter this unique and very long password multiple times on
_every device I own_.

It'd be nice if my linked phone and tablet didn't need me to use the same
login system as a human.

------
ga0bi
I filed a ticket this morning after I was unable to login to the Mac client.
Here's their response:

"Dear Valued Customer,

We're truly sorry for the inconvenience this has caused you this morning. We
are attempting to contact our entire userbase about this matter, but we feel
that immediate action in these cases is the most prudent course."

The rest of the email contained the contents of their blog post.

------
rburhum
Funny enough, logging in to Evernote was the first thing I did after lying in
bed spending 1hr+ watching this amazing video about http/https man-in-the-middle
attacks using sslstrip <http://www.thoughtcrime.org/software/sslstrip/>.
Not a good way to start my morning.

------
mdp
They've never really been focused on security in the past. Honestly, I love
the service, but their lack of concern about keeping it secure has never sat
well with me.

I wrote up a post with some of my security concerns.
<http://news.ycombinator.com/item?id=5311010>

------
santiagoIT
I got the email and reset my password (web browser on desktop). I then
launched the Mac OS client app and it asked me to enter the new password,
however the iOS app shows its initial loading screen but then just crashes. It
never gets around to asking me for the new password. Anyone know a solution to
this?

~~~
santiagoIT
An updated iOS app is available since yesterday. After updating I was able to
enter the new password and am back up and running.

------
lysium
I'm wondering how they perform the password reset.

Surely, you must know more than the username. But they cannot rely on the old
password either, because the whole thing was set off by assuming that the old
password is hacked. And they advise their users to ignore instructions per
email.

So how do / could they do it?

~~~
uptown
It contradicts their instructions, but I'm assuming using the password-reset
email received immediately following my request for it is the "right" way to
do this. I believe the intent of what they warned against were common phishing
emails.

------
yabatopia
I didn't get an email (yet) so I visited the Evernote Forum. I was a bit
surprised to see that I had to sign in with the same username and password of
my Evernote account. It's convenient, but I prefer separate accounts,
especially since they're using third-party forum software.

------
Nyr
And following the announcement, the blog is down and emails haven't arrived
yet. Well done, Evernote.

------
senthilnayagam
Anybody considered the Zendesk link?
<http://m.techcrunch.com/2013/01/08/zendesk-evernote-25k/>

The Twitter, Tumblr and Pinterest hacks all have a Zendesk connection.

People on Dropbox have issues too.

------
hgezim
I just got an email from "Evernote" with links pointing to
<http://links.evernote.mkt5371.com/>

Please, be very careful, people. Of course, this won't reach the people who
need to hear it :(

------
Stratoscope
For anyone who is as puzzled as I was about how to change the password in the
Android app, the answer is you can't change it in the app. (!)

Instead, you have to tap the "authentication failed" notification. Then you
can change the password.

~~~
scrrr
Yeah apparently they will deploy updated versions of the apps to address that
issue though. (It says so at the bottom of the article.)

------
jrockway
I finally made the switch to randomly-generated passwords for everything, so
for once I can finally not care at all that this happened. It's just a
reminder that I need to close my Evernote account.

------
DocG
Not cool. I use evernote for throwaway email passwords. And storing some
usernames, without passwords. Just to remember usernames.

I wouldn't lose anything, it would be just inconvenient for me.

~~~
drivebyacct2
Maybe use a more appropriate tool? That would make your life way easier anyway.
LastPass? 1Pass, etc?

------
jms703
I don't understand why they don't offer encryption.

~~~
UnoriginalGuy
Encryption on /what/? Point to point or content encryption? Also if your
password has been compromised and that same password is used to encrypt your
data then what exactly would encryption do?

~~~
quinndupont
Data encryption with a private key that the _user_ holds. Evernote, like
Dropbox, etc. have your crypto keys, and thus will always be subject to
hacking and such. If I, and only I, had the keys it would be up to me to keep
them safe, and my data would not succumb to a hack of their database, etc.

~~~
UnoriginalGuy
But password resets would quite literally be impossible.

------
freewizard
Why not share more about the hack detail? Is it another attack from China? As
a (paid) user, I'm a bit concerned about my data security.

------
mmagin
And another example of how badly Wordpress scales.

------
lucb1e
I am impressed by how well this is handled. Much better than I've seen from
other companies!

------
xutopia
Anyone know a good Skitch replacement?

~~~
ActVen
You can actually download Skitch 1.XX here:
<http://update.skitch.com/skitch.html> I have been using it since they
completely messed up Skitch with the 2.XX update. It requires absolutely no
connection to evernote and works great.

