When we wrote about Evernote in December 2012, we had no idea that it was hackable. The Newsy Grab Media video (with Candice Aviles, March 3, 2013) gives the most disturbing report on the troubling hack. The signs suggest that the initial Saturday hack could be the front end of a larger and "sophisticated attack". The hack's origin seems to be Eastern European. Chinese hackers seem to have been left out of this one. Evernote Premium and Business appear to be left untouched. Otherwise, millions of folks (about 50 million) have been asked to change their online passwords.
Evernote has also become an important service to education and government. We hope those entities opted for the pay services, which seem to be better protected. Of those 50 million files that were broken into, it seems that all user names, user emails and passwords were extracted (illegally). Those poor folks seem likely to be getting some "rogue emails" in their inboxes or worse, even having their passwords changed unexpectedly. We have been through that experience, and it can take months to turn the situation around. We advise urgency in your attention.
The Evernote password change notice does state that there "is no evidence" that any financial information was grabbed. That might be a better reason to hurry to your online Evernote account and browse thoroughly. According to the notice, "Password encryption is robust" and uses techniques like "hashing and salting". The security team notice advises you to harden your new password. Oh, by the way, according to the security note you will be asked for your new password when signing in. Last month Twitter (and some other famous sites) was reported hacked, and Mashable produced an excellent video on passwords.
That video advises us on a Random Key password generator through Symantec. You may want to check out the password generator from Norton. Also suggested is a password manager such as 1Password, but it's a pay service. Yith is said to be a free password manager service, but we have no recommendations for it. PCMag produced a list of some highly rated password managers, but that was in 2011. Then there is Google's 2-step verification security page. But even Google itself reported some hacks last year; we thought that Google and Evernote were "the mountains of hacks". Is the future one without passwords? We're not sure.















