Evernote Security Flaw Leaves 4.6 Million Users Vulnerable

Evernote web clipper breach

What Happened?

On Wednesday, June 12th, 2019, a flaw within Evernote’s Google Chrome extension code was reported, which created a security vulnerability impacting 4.6 million consumers and companies. The organizational software app’s extension defect, discovered by security company Guardio, opened the door to potential harvesting of user data by bad actors, including authentication data, financial information, private social media conversations, emails, and more.

Should You Be Worried?

Evernote patched the code scripting error and rolled out an update once alerted to it, but it’s unclear how long cyberthieves may have had access to user data. If hackers took advantage of the code flaw before the patch, or users have not yet installed the extension’s update, the thieves would be able to gather sensitive information from multiple third-party web pages that worked with the Evernote extension, leaving your Personally Identifiable Information (PII) vulnerable to identity theft and fraud.

3 Tips to Stay Protected

  1. Update your Evernote extension. If you use Evernote Web Clipper, be sure that you have the latest, patched extension installed by visiting: https://chrome.google.com/webstore/detail/evernote-web-clipper/pioclpoplcdbaefihamjohnefbikjilc?hl=en
  2. Research before you download. Before deciding to install browser extensions, do your research to make sure you are using a trusted source, and be vigilant with installing updates to patch any discovered vulnerabilities.
  3. Monitor your personal and financial accounts. Keep a close eye on your social media, bank, and any other online accounts where you share sensitive information.

Continue following Fighting Identity Crimes to get the latest breach and scam updates, ID protection news & tips from our industry experts!

Follow us on social!
Facebook | Twitter | LinkedIn 


The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

John is General Counsel and Chief Privacy Officer of Sontiq, the parent company of the EZShield and IdentityForce brands. He is a Certified Compliance...
Read more about John Burcham.

Leave a Comment.