(In)security: Evernote hacked, corporate data in the age of BYOD, banks as targets

• Evernote announced over the weekend that it had been hacked, and asked all of its 50 million customers to reset their passwords. The Redwood City maker of the Web-based note-taking and list-making app said on its website Saturday that no content had been accessed, although the hackers did get to usernames, email addresses and encrypted passwords.

A company spokeswoman told Reuters the attack “follows a similar pattern” to other hacks on companies such as Twitter, Facebook, Apple and others recently, although she said the company believed the hackers did not exploit a bug in Java like in many of those attacks. (See Here a hack, there a hack, everywhere a hack attack.)

•  In other news about security issues in the cloud, the age of BYOD (bring your own device) is bringing  headaches to IT departments. The New York Times reports that increasingly mobile employees who store and share workplace information on services such as Evernote, Dropbox, Google Drive and more are putting potentially sensitive company information at risk.  When these services get hacked, it costs businesses and government agencies money. The NYT cites an example: Florida will pay for a year’s worth of credit-monitoring services for youth and workers whose information was lost after a Juvenile Justice Department mobile storage device was stolen.

• Finally, Goldman Sachs, Citigroup and others financial institutions are now including warnings about cyberattacks in their annual regulatory filings, according to Bloomberg. Other banks were victims of online attacks in December, and a new wave of denial-of-service attacks have hit banks such as Bank of America and PNC as recently as last week.

“These attacks have started to go beyond nuisance,” Ed Powers, a principal at Deloitte & Touche, told Bloomberg.

Last month, the Obama administration announced a push for the creation of voluntary online security standards for businesses. Congress also reintroduced CISPA (Cyber Information Sharing and Protection Act), controversial legislation that calls for increased cooperation between government and businesses when it comes to cybersecurity. (See GMSV post.)


Tags: , , , , , , , , , , ,


Share this Post