Zello Alerts Users to Change Passwords Amid Security Concerns

Zello Alerts Users to Change Passwords Amid Security Concerns

Penka Hristovska Penka Hristovska
Published on: November 29, 2024 Senior Editor

The Texas-based push-to-talk app Zello is urging users to change their passwords if their accounts were created before Nov. 2 following what seems to be another security incident.

“Zello Security Notice. As a precaution, we are asking that you reset your Zelle app password for any account created before November 2nd, 2024. We also recommend that you change your passwords for any other online services where you may have used the same password,” reads Zello’s warning.

The Zello app lets users turn their phones into walkie-talkies, provided they have an active network or Wi-Fi connection. Users can initiate one-on-one or group chats that are fully encrypted end-to-end, and quickly send voice messages or photos. The company has more than 145 million users across sectors like hospitality, transportation, and emergency response.

So far, Zello hasn’t provided any specific details on the attack.

The potential breach comes at a time when Zello has been actively enhancing its cybersecurity measures. In September, the company achieved ISO 27001 certification, a recognized standard for information security management. This certification requires organizations to implement strong protocols to protect sensitive data.

This isn’t a first for Zello either. In 2020, the company similarly advised users to change their password after it discovered unusual activity on one of its servers that could have potentially allowed threat actors to access users’ email addresses and hashed passwords.

“Your password was not in plain text, but in a coded format generated through a cryptographic process known as “hashing,” Zello said at the time. “As a precaution, however, you should change your password for any other online services where you may have used the same password. It is also important to choose a strong password that is not easy to guess.”

The company also explained that it requires users to provide a username and password to log into their accounts, but that users don’t typically use their emails as usernames and that usernames weren’t compromised in the data breach.

Source of Article