Evernote, and the Security of Your Notes
Over the weekend Evernote announced that they had detected a break-in at their servers. With the Evernote service, all of your notes and other information live on servers located on the Internet. As we discuss in the article about free access to your notes, this setup leads to questions about who exactly owns and controls your information. The break-in also drives home the fact that your information is only as secure as Evernote can keep it.
Think about this for a moment: Joe Evernote-user may have chosen a super-secure, hard-to-guess password for his Evenote account, but hackers circumvented that security by attacking the Evernote servers directly and collecting passwords and account names. Apparently the passwords they took were encrypted, but would you feel secure knowing that hackers have an encrypted copy of your password? Obviously Evernote didn’t, as they forced all of their users to choose new passwords.
Evernote’s 50M customers use the service for its convenience, and because it’s free. The question that may not have occurred to them is whether or not the convenience of using Evernote to store all of their notes and information is worth the risk of a hacker also having access to it? And even after changing their password, how do they feel about a hacker in Russia or wherever knowing their account name and being able to work on guessing their new password at their leisure?
If that makes Joe Evernote-user uncomfortable, maybe he will also think about the fact that Evernote’s terms of service state that Evernote reserves the right to review or enable third parties to review content stored on their servers. Hackers aren’t the only ones Joe has to worry about reading his notes without his knowledge.
Happy note taking!
Aloha from Cupertino,