Zello tells users to reset passwords after suspected data breach
- Push-to-talk app Zello warns users to change their password immediately
- It also told them to change the passwords for every other online service where they used the same one
- The company has not explained what happened
Push-to-talk communications app Zello has warned users to change their passwords – and while it didn’t specify why it asked them to do so, the wording of the message suggests the company has suffered a data breach.
“Zello Security Notice – Out of an abundance of caution, we ask that you reset your Zello app password for any account created before November 2, 2024,” the alert reads. BleepingComputer.
This could indicate that the login details for all accounts created before this date have gone to unauthorized third parties. This does not necessarily mean that the company has been hacked.
Trust, but verify
In addition, information on such databases may have been inadvertently shared with third party partners or other unauthorized entities.
In any case, Zello urges users to lock their accounts: “We also recommend that you change passwords for any other online service where you may have used the same password.”
When storing passwords and other sensitive data, most organizations encrypt them in a way that makes them nearly impossible to read. Given the clear warning in this announcement, we might speculate that the Zello passwords are stored in plaintext or some other easily readable format.
Zello is a push-to-talk communication app that functions like a walkie-talkie and allows real-time voice messaging over Wi-Fi or mobile data. It is widely used for team collaboration, emergency response and social interactions, providing private and public channels with low latency and high audio quality. It notably suffered a cyberattack in 2020, when it also asked all users to reset their passwords, raising fears that this could have happened again.
The app is available for Android, iOS and desktop devices and reportedly has around 140 million users.
Companies often unintentionally keep large databases of sensitive data on the Internet. However, white hat hackers and security researchers often defeat criminals with these discoveries and alert the companies before significant damage can be done.
