The California-based company, that allows people to store and organise personal data on an external server, is thought to have about 50 million users.
It said user names, email addresses and encrypted passwords were accessed. But it insisted there was "no evidence" that payment details or stored content was accessed, changed or lost.
Evernote acts like an online personal organiser, with users able to save data such as video clips, images, web pages, notes and itineraries in an external storage system commonly known as the cloud.
In a statement on the company's website, the firm said its security team discovered and blocked "suspicious activity on [their] network that appears to have been a coordinated attempt to access secure areas of the Evernote service".
It added: "While our password encryption measures are robust, we are taking additional steps to ensure that your personal data remains secure. This means that, in an abundance of caution, we are requiring all users to reset their Evernote account passwords."
The firm apologised "for the annoyance" caused by the breach, which it said is becoming "far more common" at other "large services".
Source: BBC News