Push-to-talk app provider Zello, widely used by first responders, hospitality services, transportation professionals, and families, is urging customers to reset their passwords if their accounts were created before November 2, 2024.
This precautionary measure follows what appears to be another security incident involving the platform, which serves a global user base of over 140 million people.
In a security notice sent to users on November 15, Zello advised, “We are asking that you reset your Zello app password for any account created before November 2nd, 2024. We also recommend that you change your passwords for any other online services where you may have used the same password.” The alert directs users to a support page detailing how to reset their passwords.
Despite the warning, Zello has not provided further details about the nature of the incident, leaving customers in the dark about whether it was a data breach or a credential-stuffing attack. BleepingComputer’s attempts to obtain clarification from the company have gone unanswered.
The timing of the warning suggests the security issue may have occurred shortly before November 2. However, with little transparency from Zello, it remains unclear whether attackers gained access to user passwords directly or through another method.
This is not Zello’s first brush with security issues. In 2020, the company experienced a data breach that exposed customer email addresses and hashed passwords, forcing users to reset their login credentials.
For now, users impacted by this latest incident are advised to update their passwords immediately and to avoid reusing passwords across multiple accounts to mitigate further risks. As cybersecurity threats become increasingly prevalent, Zello’s limited communication on the issue raises questions about how companies handle user trust and transparency in the face of potential data breaches.
