On March 2, 2013 the Evernote team released a statement that their security team detected suspicious activity on their servers. As you can see in part of their statement below, usernames, Evernote email addresses, and encrypted passwords were accessed. However, your Evernote passwords are encrypted and are secure. Encrypted passwords are stored in a way that they are unreadable unless you have the proper key to decode it. The individuals trying to access the Evernote information did not have the encryption key, which means they could not see your password.
The investigation has shown, however, that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords. Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (In technical terms, they are hashed and salted.)
As a security precaution, Evernote is requiring all users to reset their passwords. If you’ve tried to access Evernote on your smartphone or computer, you may have noticed you are being prompted to enter your password. If you haven’t reset your Evernote password yet, you will be required to before you can access your account again. Log into the Evernote website to reset your password. You will also want to update all of your Evernote apps on all devices.
While our password encryption measures are robust, we are taking additional steps to ensure that your personal data remains secure. This means that, in an abundance of caution, we are requiring all users to reset their Evernote account passwords. Please create a new password by signing into your account on evernote.com.
Keep the tips in the Manage Your Passwords post Sam wrote in mind when you create your new password. Find something that is easy for you to remember but is something only you would know. Try not to use words in the dictionary or the names of your kids or pets as someone might easily guess them. Using a combination of upper and lower case letters and add special characters when possible.
This is an unfortunate situation but I think Evernote made the right decision to have everyone reset their passwords. I feel comfortable leaving my information with Evernote. Having your information stored in the cloud makes it very easy to access your information wherever you are and on multiple devices. But situations like this are a risk that you take when you use the cloud and its why its so important to always use strong passwords.