The company which allows people to store and organise personal data on an external server, is thought to have about 50 million users contacted all users yesterday (Sunday) advising that user names, email addresses and encrypted passwords were accessed.
But it insisted there was “no evidence” that payment details or stored content was accessed, changed or lost.
Evernote acts like an online personal organiser, with users able to save data such as video clips, images, web pages, notes and itineraries in an external storage system commonly known as the cloud.
In an email to all users, the firm said its security team discovered and blocked “suspicious activity on [their] network that appears to have been a coordinated attempt to access secure areas of the Evernote service”.
It added: “While our password encryption measures are robust, we are taking additional steps to ensure that your personal data remains secure.
“This means that, in an abundance of caution, we are requiring all users to reset their Evernote account passwords.”
The firm apologised “for the annoyance” caused by the breach, which it said is becoming “far more common” at other “large services”.
The hack came a week after social-networking firm Facebook said it had traced a cyber-attack back to China after some of its employee laptops were hacked.
A month ago, micro-blogging website Twitter announced it had been the victim of a security breach which compromised the accounts of 250,000 users.
The company’s information security director, Bob Lord, said the attack “was not the work of amateurs”.