Evernote Denies Java Exploit Used In Hack

The online storage and productivity service Evernote said that it does not believe that the hack of its network that exposed information on 50 million users relied on an exploit of a Java vulnerability, as did recent attacks on Twitter and Facebook.

Evernote says an exploit of Oracle’s Java doesn’t appear to have played a role in a hack of its cloud-based productivity software.

In an e-mail response to questions from The Security Ledger about the hack, Ronda Scott, an Evernote spokeswoman, said that the firm does not believe that the hack used the Java exploit attributed to the other attacks, but said it was still investigating the incident.

“It’s premature for us to comment on the methods used, the specific systems affected and/or origin and motivation,” she wrote.

She said the company first became aware of the “unusual and potentially malicious” activity within its online service on February 28 and began notifying Evernote users of the need to reset their password the next day, March 1st.

Scott maintained that Evernote hasn’t found evidence of unauthorized access to user accounts.

Customers use Evernote to store information, including notes, documents, images and the like. The cloud-based service can be accessed from a wide variety of devices, giving users a central repository from which to access their files.

At Evernote, attackers were able to gain access to user information including usernames and email addresses associated with Evernote accounts. The company said the passwords were hashed – transformed with a one-way function – and “salted” with random data to guard against automated, brute-force attacks.

It’s not yet known how the company was hacked or whether there is a connection to the attacks on other prominent online firms. In its statement, Evernote said that “recent events with other large services” demonstrate that “this type of activity is becoming more common,” but did not indicate that the attack was linked to those on Twitter, Facebook, Apple and others.

Evernote did not directly respond to a question about whether its developers or other employees were attacked via a “watering hole” – a compromised, third-party web site that targeted individuals are known to frequent. Citing mostly circumstantial evidence (Evernote’s preference for Apple Mac), a blog post by the security firm F-Secure suggests that a watering hole attack and Mac-focused malware may have been used – similar to the attacks on Facebook and Twitter.