I’ve been seeing a lot of news about hackers taking their game to the next level. You can see this with Twitter’s recent blog post and forced reset of many users’ passwords. In keeping with the trend, Evernote just posted about similar attacks and recommended that all users reset their passwords even though they don’t think the attacks got anywhere.
Both responses have a few things in common:
- They used social media, specifically blog posts, to tell what happened, give more information on their processes, and to make recommendations
- Neither company was sure what information or accounts were compromised, but both took proactive steps to ensure security
- Both Evernote and Twitter highlighted that the passwords were “salted” and thus even more resistant to compromise
- Both companies were actively looking for signs of hacking
- While it’s not explicit in the blog posts, both companies have security teams and had responses drawn up to react to the hacks. The reaction included both technical reactions and communication/PR steps. Both are important nowadays.
Let me finish with the last paragraph of the Twitter blog post.
This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked. For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.
I really appreciated the way Evernote handled it.