November 27, 2024 at 02:48PM
Zello warns users to reset passwords for accounts created before November 2, 2024, due to a potential security breach. Customers have received notices but no additional information. The incident follows a previous data breach in 2020, raising concerns about password security and unauthorized access to user accounts.
### Meeting Takeaways:
1. **Security Alert from Zello**:
– Zello has issued a warning for customers with accounts created before November 2, 2024, to reset their passwords due to a potential security breach.
2. **User Impact**:
– This alert affects its 140 million users, particularly those in first responder, hospitality, and transportation sectors who utilize Zello’s push-to-talk communication service.
3. **Recent Notifications**:
– Many users received a security notice on November 15, advising them to reset their app passwords and change passwords for other online services using the same credentials.
4. **Lack of Communication**:
– Customers who received the notice have reported insufficient follow-up information from Zello. Attempts by BleepingComputer to contact Zello for further clarification have gone unanswered.
5. **Nature of the Incident**:
– The exact nature of the incident remains uncertain—Zello has not confirmed if it was a data breach or a credential stuffing attack. Nonetheless, it suggests that threat actors may have gained access to user passwords.
6. **Previous Breach**:
– Zello experienced a data breach in 2020, which led to a similar requirement for users to reset passwords due to stolen email addresses and hashed passwords.
7. **Action Steps for Users**:
– Users are encouraged to follow the instructions provided in the security notice to change their passwords appropriately. A support page is available to guide users on how to reset their passwords within the Zello app.
### Recommended Actions:
– Ensure all users are informed about the security notice and the recommendations provided by Zello.
– Monitor further communications from Zello regarding this incident for any updates or additional actions required.