Yesterday we discovered a vulnerability in the system that we use to unsubscribe users from our mailing list. We are obliged to inform you, our users, because some email addresses could have fallen into the wrong hands as a result of this vulnerability. We want to assure you that your account information and other personal data have not been compromised, and we have corrected the error. No action is required from users.
Yesterday at about 11:00 pm Moscow time, we learned about this vulnerability, which was discovered by one of the users of the Habrahabr site (where the information about this problem was published). It turned out that the service we use to process requests for unsubscribing from the mailing list could allow unauthorized access to the email addresses of other people who also received this newsletter. After we learned about the vulnerability, we promptly fixed the problem, but for about 12 hours after its publication, the list of users' email addresses could be accessed.
There are no signs of a large-scale leak. However, an analysis of our log files shows that during this period a list of 536,613 email addresses of Russian-speaking users who received our last mailing, and up to 72,406 addresses of English-speaking users, could have been obtained by third parties. Knowing an email address does not allow anyone to compromise your Evernote account or access other personal information. You can be sure that all data in your Evernote account is safe and no one except you can access it. However, it is possible that some of these email addresses could fall into the hands of spammers.
We at Evernote take security and privacy very seriously, and therefore, even in the absence of an immediate threat to account data in this incident, we consider it important to notify you of this situation. We apologize for this mistake and hope that it will not result in a stream of spam for our users. As always, please be careful when corresponding with people claiming to work at Evernote. In particular, remember that no Evernote employee will ever ask you for your password, credit card number or other personal information.
If you have additional questions, please contact our support team.