In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost. We also have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed.
The investigation has shown, however, that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated withEvernote accounts and encrypted passwords. Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (In technical terms, they are hashed and salted.)
While our password encryption measures are robust, we are taking additional steps to ensure that your personal data remains secure. This means that, in an abundance of caution, we are requiring all users to reset their Evernote account passwords. Please create a new password by signing into your account on evernote.com.
To use the service, you’ll have to log into the Web and reset your passwords. (Easier said than done … the blog post above is difficult to reach because the servers have been overloaded.) While it appears credit card information and actual notes stored in the system were not accessed, you should probably be aware of the dangers facing your password and information info right now. If you’re curious about further details, TechCrunch has more.