Monday, March 04, 2013

Security or Scam? How do you know?

Last week I challenged our readers to test their information literacy competency by asking if they understood the economic issues surrounding the use of information. I wrote about the cost of convenience, using the example of how we click through end user license agreements (EULAs) to take software “as is” no questions asked. Here’s another chapter in that book. Do we know what we’re getting ourselves into when we entrust our data and our identities to the “cloud”?

Yesterday I received a Security Notice from the Evernote Team (or so the email claimed.) Evernote is a web-based service that allows you to keep notes synced across various devices. I love it but that’s a topic for another day.

The Security Notice said that they detected some suspicious activity so they decided “in an abundance of caution” to inconvenience all of its 50 million users by requiring us to reset our passwords. The notice referenced “recent events with other large services” that “have demonstrated, this type of activity is becoming more common.“ I had indeed read of such nefarious activities of late.

But I thought the message was muse-worthy because of what it told me to do about it:

“Please create a new password by signing into your account on evernote.com."


Ironically, a hyperlink was provided but the message later recommends I “never click on ‘reset password’ requests in emails.”

Right!

Instead, I should go to the site directly. Therefore, in my own “abundance of caution,” I Googled Evernote and found a number of references to the Security Notice which seemed to legitimize the message – including a news article about the hacking and password resetting requirement. But I still wasn’t going to click on any links within the email.



According to the notice, the hackers “were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords.”

Resetting my password does not guarantee that my data wasn’t already taken. Stealing information is not like stealing a bike. I can see that my bike has been stolen. I cannot tell if my information has been stolen.

Evernote makes it convenient to share between my Facebook and Google accounts. Does that mean that all of my friends are at risk now?

I must evaluate the information that may have been compromised – did the notes I meant for my eyes only include any information that could be used to steal my identity, credit, or money from my checking account? Did I use the same login and password for any other accounts? What else is at risk?

All I know is that it was a valid security notice,. I reset my password but have more work to do.

*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~ Robin Hartman is Director of Library Services at Hope International University. She is curious about how the organization and communication of information shapes society and is committed to equipping students to impact the world for Christ.

No comments: