evernote hackedThere are a lot of popular apps out there on the web that content writers like myself, business owners, agencies and their employees rely on to work better and be more efficient. Lots of businesses use Dropbox, Google Apps, and other platforms to get work done. When it comes to keeping track of your notes and ideas however, one app has proved itself dominant: Evernote. But things aren’t very rosy right now at Evernote nor with its 50 million users.

Hacker(s) Attack

News of an attack on Evernote broke late Saturday night, spread throughout Sunday and is still in the news today. According to an AP story posted on Fox News, Evernote “said in a post published late Saturday that an attacker had been able to access sensitive customer information.”

To its credit, Evernote acted immediately (as far as we know) to address this problem. Some companies have been hammered by the public for not being upfront, open, and timely about hacking and security incidents, which hurt their rapport with customers. Recently, Facebook, Twitter, and Apple have been compromised by hacker attacks which are still being investigated. No one is quite sure how much of a role Java zero-day vulnerabilities have played into these security breaches. Evernote claims Java had nothing to do with its recent attacks.

Luckily, according to the AP story, Evernote sees nothing to imply that “any customer data had been tampered with or that any payment information had been compromised.” Evernote did quickly implement a full user reset of password though. Time for 50 million people to think up new passwords to their favorite notes app. This bit of advice came with some confusion though, which could hurt Evernote’s credibility slightly.

Not Following Its Own Advice?

Over at TG Daily, Emma Woollacott recognized something a little odd in Evernote’s response to reset all of its users passwords. Evernote warned that users “should “never click on ‘reset password’ requests in emails – instead [they should] go directly to the service.” Sounds like sound advice to me, until you realize the email Evernote sent out to 50 million people.

Evernote sent an email with a link for its users to change their passwords. Even worse, as Emma writes, it’s “a link that doesn’t take users directly to evernote.com.” Their link goes through a domain titled mkt5371 which is part of a firm Evernote uses to send its emails and track the success of the campaign, a normal process for agencies, businesses, and marketers online when it comes to email (and other) campaigns.

Not exactly clear information for Evernote’s users if you ask me. One could give them the benefit of the doubt that it was just a mistake due to haste, since they did act quickly to address the security problem to their followers. Had they waited too long you can bet social media would be trending with a lot of negative responses.

Security Always Important

Whether you’re a business or an agency, the latest hack on Evernote and the other companies mentioned above should be a strong reminder that security issues should always take center-stage. If your security is compromised, it doesn’t matter how much content or how great the services you provide really are. Take this week to make sure your computers and your systems are up to date and protected. It can’t hurt and it might save you the embarrassment of a botched response or all of the extra work that comes with a security breach.

What do you think of Evernote’s response to their security breach?