- Push-to-talk app Zello warns users to change their passwords immediately
- It also told them to change the passwords for any other online service where they use the same one
- The company did not explain what happened
Push-to-talk communications app Zello has warned users to change their passwords – and although it did not state why it was asking them to do so, the wording of the message suggests that the company suffered a data breach.
“Zello Security Notice – As a precaution, we are asking that you reset your Zello app password for any account created before November 2nd, 2024,” the warning reads, reported BleepingComputer.
This would suggest that login information for all accounts created before this date were exposed with unauthorized third parties. This doesn’t necessarily have to mean that the company was hacked.
Trust, but verify
Furthermore, information about such databases could have been shared with third-party partners, or other unauthorized entities, by mistake.
In any case, Zello is urging users to lock down their accounts: “We also recommend that you change passwords for any other online service where you may have used the same password.”
When storing passwords and other sensitive data, most organizations would encrypt them in a way that makes it almost impossible to read. Given the stark warning in this announcement, we could speculate that the Zello passwords were stored in plaintext, or in other easily readable format.
Zello is a push-to-talk communication app that functions like a walkie-talkie, enabling real-time voice messaging over Wi-Fi or mobile data. It is widely used for team collaboration, emergency response, and social interactions, offering private and public channels with low latency and high audio quality. Notably, it suffered a cyberattack in 2020, when it also asked all users to reset their passwords – raising fears this could have happened again.
The app is available for Android, iOS, and desktop devices, and reportedly has roughly around 140 million users.
Companies often keep large databases with sensitive data exposed on the internet, inadvertently. However, white hat hackers and security researchers often beat criminals to the punch with these discoveries, alerting the firms before significant harm can be done.
- Hundreds of malware-laden fake npm packages posted online to try and trick developers
- Here’s a list of the best firewalls today
- These are the best endpoint protection tools right now