Evernote has discovered and blocked attackers who gained access to their systems, but not before said attackers gained access to around 50 million usernames and passwords (encrypted).
While the passwords were encrypted (hashed and salted), it doesn’t mean they’re safe…
It’s vital to not reuse passwords, and especially important to not have the same password as you have on the email account you sign to a service with. Having the same password would mean that an attacker will be able to gain access to your email account if the password is cracked.
Should you have signed up with the same password on Facebook, Google+, Skype or other services then those are of course also likely to be tried directly, and after that having searches done on google for your email address to see what other services you might have signed up on.
Signing in to http://evernote.com will force you to set a new password, so your other devices will also require the password to be changed.
We advice that you do this as soon as possible, as waiting to do so might leave your notes to be accessed by an unauthorized party.