Zello, a voice-first communication platform widely used by frontline workers, appears to have experienced a potential data breach or credential stuffing attack, prompting the company to advise users to reset their passwords. The warning applies to accounts created before 2 November 2024 and was issued on 15 November amid security concerns.
“As a precaution, we are asking that you reset your Zello app password for any account created before November 2nd, 2024,” reads the company’s security notice to its customers. “We also recommend that you change your passwords for any other online services where you may have used the same password.”
The Texas-based push-to-talk app boasts of over 175 million users across sectors including emergency response, hospitality, and transportation.
The exact nature of the security incident remains uncertain. However, the notice implies that malicious actors may have accessed customer credentials, either through a direct breach of Zello’s systems or by leveraging previously compromised passwords in a credential-stuffing attack.
The issue appears to impact accounts active before early November, which could mark the period of the incident. Zello has not disclosed further details but has urged affected users to act promptly to secure their accounts.
The potential breach comes at a time when Zello has been reinforcing its cybersecurity framework. In September, the company achieved ISO 27001 certification, a recognised standard for information security management systems. This accreditation requires organisations to implement and maintain robust measures to protect sensitive data.
Zello’s previous encounters with security challenges
In 2020, Zello faced a security incident involving unauthorised access to user credentials. The breach potentially exposed email addresses and hashed passwords. Zello said that it took immediate action upon discovering unusual activity on one of its servers. The company launched an investigation, notified law enforcement, and enlisted an independent forensics firm to assist.
As a precaution, Zello required all users to reset their passwords the next time they logged into the service. The company also advised users to change passwords for any other online services where they might have used the same password. While the full impact of the exposure remains unclear, the incident underscored the importance of securing user data and enhancing protection measures for communication platforms.
Read more: Cisco probes alleged data breach after hacker claims sale of information
