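Evernote Attacked! 50 Million Users Told to Change Passwords to Prevent Intrusion
In recent months, hackers have systematically targeted public services such as email and online document services, apparently hoping to obtain users' contact details and stored content. Could this series of attacks be linked to a government?
A few hours ago we received an email from Evernote stating that its systems were under attack by hackers and confirming that hackers had accessed some users' accounts. Evernote is therefore asking users to change their passwords as soon as possible to stay safe.
Evernote is a note-taking application for smartphones; many executives and business users rely on it to quickly jot down everyday matters so they do not forget them. Evernote currently has 50 million users. The company stressed that no users' private data or financial information was leaked in this incident, and also told us there is no evidence that the data of Evernote's business customers was accessed or leaked by the hackers.
So what did the hackers obtain? According to the company, the intrusion yielded users' login names, email addresses and encrypted passwords. We believe that because the passwords were encrypted, the hackers obtained only "a bunch of symbols" and would find it hard to learn the real passwords, but for your safety we recommend that you reset your password as soon as possible.
Evernote is the Nth victim after well-known sites such as Microsoft, Apple, Facebook, the New York Times and the Washington Post. Some say this series of attacks is closely tied to the Chinese government, but the Chinese government has repeatedly denied the allegations. The full text of Evernote's email follows.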
“Evernote’s Operations & Security team has discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service.
As a precaution to protect your data, we have decided to implement a password reset. Please read below for details and instructions.
In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost. We also have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed.
The investigation has shown, however, that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts, and encrypted passwords. Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (In technical terms, they are hashed and salted.)
While our password encryption measures are robust, we are taking steps to ensure your personal data remains secure. This means that in an abundance of caution, we are requiring all users to reset their Evernote account passwords. Please create a new password by signing into your account on evernote.com.
After signing in, you will be prompted to enter your new password. Once you have reset your password on evernote.com, you will need to enter this new password in other Evernote apps that you use. We are also releasing updates to several of our apps to make the password change process easier, so please check for updates over the next several hours.
As recent events with other large services have demonstrated, this type of activity is becoming more common. We take our responsibility to keep your data safe very seriously, and we’re constantly enhancing the security of our service infrastructure to protect Evernote and your content.
There are also several important steps that you can take to ensure that your data on any site, including Evernote, is secure:
Avoid using simple passwords based on dictionary words
Never use the same password on multiple sites or services
Never click on ‘reset password’ requests in emails – instead go directly to the service
Thank you for taking the time to read this. We apologize for the annoyance of having to change your password, but, ultimately, we believe this simple step will result in a more secure Evernote experience. If you have any questions, please do not hesitate to contact Evernote Support.
The Evernote Team”