Evernote reported that while it caught the attack early on, its "investigation has shown, however, that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts, and encrypted passwords. Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (In technical terms, they are hashed and salted.)"
After signing in to the website, you will be required to enter a new password. Once you have reset your password, you will need to enter this new password on all of your Evernote apps. The company also stated, "We are also releasing updates to several of our apps to make the password change process easier, so please check for updates over the next several hours."
In addition, the company reminds all Evernote users of the usual precautions you should take with your security on any online account:
Avoid using simple passwords based on dictionary words.
Never use the same password on multiple sites or services.
Never click on "reset password" requests in emails — instead, go directly to the service.
To this list, I might add that choosing the option to stay logged into Evernote for up to a week at a time is not a safe choice.
Nevertheless, he continued, "At this time, we believe we have blocked any unauthorized access, however security is Evernote's first priority. This is why, in an abundance of caution, we are requiring all users to reset their Evernote account passwords before their next Evernote account login."