In-depth

Evernote data breach: lessons to be learned

A month on, Davey Winder analyses what others can learn from the Evernote data breach...

At the start of March some 50 million people received an email informing them that an online note taking and data archiving service they used had been hacked, and a password reset was required.

The way that the company concerned handled the disclosure of this information was interesting as it displayed a mixture of calm professionalism and schoolboy error.

What happened?

In many ways the Evernote data breach was little different to the plethora of incidents involving hackers gaining access to member data. Although we are still waiting for the forensic detail of the attack vector itself to be forthcoming, I wouldn't be at all surprised if it turned out to be the work of the same criminal hacking group based in Eastern Europe that has successfully attacked Apple, Facebook and Twitter in recent weeks.

The target being any data that holds a value on the underground online 'dark market' such as intellectual property, research material and, yes, email addresses and associated service passwords. We know that the Apple attack involved a Java browser plug-in vulnerability being exploited on some of its employees' desktops. We also know that the Facebook breach followed employees accessing a 'developer site' which suggests a similar use of a Java zero-day. Although China has been blamed by some, it seems unlikely that state-sponsored hackers would be involved in such blatant criminal activity rather than politically motivated hacktivity. Instead, the finger of suspicion points towards Eastern Europe where cyber-criminality is rife. And really advanced.

What we do know from the email that was sent out is that Evernote's Operations and Security team discovered and subsequently blocked "suspicious activity on the Evernote network" that appears to have been "a coordinated attempt to access secure areas" of the service. We also know that while there is no evidence emerging that any payment information or user content was accessed, user information certainly was breached. Evernote admits that the information accessed included "usernames, email addresses associated with Evernote accounts, and encrypted passwords" although it points out that the passwords were hashed and salted.

The however and whoever of the breach are by the by; if you are not clued up on how to best protect your enterprise against attack, you only have to scan the pages of IT Pro for plenty of pertinent advice from those who are.

No, what's really interesting here is the 'what happened next' process. And what happened next was a quite schizophrenic breach disclosure statement that simultaneously offered good advice while also ignoring it. It provided clarity but also obfuscation, and risked compounding reputational damage in equal measure to protecting the brand.

So what went right, and what went wrong in terms of handling that disclosure. And, perhaps most importantly, what are the lessons that can be learned?

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Recommended

Gumtree site code made personal data of users and sellers publicly accessible
data protection

Gumtree site code made personal data of users and sellers publicly accessible

16 Dec 2021
Pizza chain exposed 100,000 employees' Social Security numbers
data breaches

Pizza chain exposed 100,000 employees' Social Security numbers

19 Nov 2021
83% of critical infrastructure companies have experienced breaches in the last three years
cyber security

83% of critical infrastructure companies have experienced breaches in the last three years

11 Nov 2021
Identity Automation launches credential breach monitoring service
phishing

Identity Automation launches credential breach monitoring service

5 Oct 2021

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

4 Jan 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
Microsoft Exchange servers break thanks to 'Y2K22' bug
email delivery

Microsoft Exchange servers break thanks to 'Y2K22' bug

4 Jan 2022