Zello asks users to reset passwords as cyber incident speculated
Push-to-talk walkie-talkie app Zello has asked its users to reset their passwords following what appears to be a security incident.
Zello, which is used by 140 million users including first responders, transportation workers, hospitality staff and more, posted a notice over the past two weeks, starting Nov. 15, asking users to reset their passwords.
“Zello Security Notice: As a precaution, we ask that you reset the Zello app password for any accounts created before November 2, 2024,” the notice said.
“We also recommend that you change your passwords for any other online services where you have used the same password.”
Otherwise, customers have not received any news about why passwords need to be reset. However, the specific date before November 2 and the password reset suggest that a security incident may have resulted in threat actors gaining access to the passwords in what could be a data breach, hacker attack, ransomware or a credential stuffing attack.
Additionally, a data breach in July 2020 caused Zello to reset its users’ passwords.
“On July 8, 2020, we discovered unusual activity on one of our servers. We immediately launched an investigation, notified authorities and hired a leading independent forensic firm to assist,” Zello said.
“Through this investigation, we discovered that an unauthorized party may have accessed the email addresses used by our users in their Zello accounts and a hashed version of their passwords.”