Evernote Security Breach Announcement Includes One (Big) Stumble

Standard

You’ve heard by now that Evernote had a major security breach and is forcing its customers to reset passwords… 50 million accounts.

What you may not have realized is that Evernote’s email announcing the problem – a much more transparent and prompt response to the issue than most of the tech giants who preceded them down this path – included what looked like a spoofed link to a password-reset page.

I learned about this Saturday when a tech friend provided a heads-up re the discrepancy. I wondered out loud if someone was already using the outage as a phishing attack.

But no, the odd link came from Evernote’s email marketing firm.
Continue reading