Zello asks users to reset passwords after security incident

Zello is warning customers to reset their passwords if their account was created before November 2nd in what appears to be another security breach.

Zello is a mobile service with 140 million users that allows first responders, hospitality services, transportation, and family and friends to communicate via their mobile phones using a push-to-talk app.

Over the past two weeks, numerous people have received security notices from Zello on November 15th asking them to reset their app password.

"Zello Security Notice - As a precaution, we are asking that you reset your Zelle app password for any account created before November 2nd, 2024," reads Zello’s warning.

"We also recommend that you change your passwords for any other online services where you may have used the same password."

Zello security notice sent to customers
Source: CyberIL

The "Learn More" button leads to a support page on how to change the password from the Zello app.

Customers who were sent this notice told BleepingComputer that they had not received any further information from Zello, and BleepingComputer’s repeated attempts to contact the company have remained unanswered.

At this point, it is unclear if Zello suffered a data breach or a credential stuffing attack, but the notice indicates that threat actors may have access to the passwords of the company's customers.

As Zello says this incident only impacts customers who had accounts prior to November 2nd, this is likely when the security incident occurred.

Zello previously suffered a data breach in 2020, requiring users to reset their passwords after threat actors stole customers' email addresses and hashed passwords.