The push-to-talk app, Zello, has disclosed a data breach that revealed user’s email addresses and hashed passwords after discovering unauthorized activity on their systems, via BleepingComputer
Zello is a mobile service with 140 million users that allows first responders, hospitality services, transportation, and family and friends to communicate via their mobile phones using a push-to-talk app.
Zello states that they discovered unauthorized activity on one of their servers on July 8th, 2020.
As part of this access, the hacker may have accessed the email addresses and hashed passwords of Zello accounts.
“On July 8, 2020, we discovered unusual activity on one of our servers. We immediately initiated an investigation, notified law enforcement and engaged a leading independent forensics firm to help. Through this investigation, we learned that it is possible that an unauthorized party may have accessed the email addresses used by our users on their Zello accounts and a hashed version of their passwords.”
While Zello does not explicitly state that a database was accessed, this was most likely how the threat actor could access the customer information.
According to the notification, Zello Work and Zello for First Responders customers were not affected by this breach.
Furthermore, as Zello requires users to login with a username and password, and as usernames were not accessed, they do not feel that any accounts were improperly accessed.
