Zello, the push-to-talk app, has disclosed a data breach that exposed users' email addresses and hashed passwords.
Zello is a mobile service with more than 140 million users that lets first responders, hospitality services, transportation, and family and friends communicate via their mobile phones using a push-to-talk app.
The company became aware of the breach when it discovered unauthorized activity on one of its servers on July 8th, 2020. It immediately started an investigation and notified law enforcement agencies.
The investigation found that the hacker may have accessed the email addresses and hashed passwords of Zello accounts.
Zello Work and Zello for First Responders customers, however, were not affected by this breach.
Because Zello requires users to log in with a username and password, and usernames were not accessed, the company does not believe that any accounts were improperly accessed.
As a precaution, Zello is forcing a mandatory password reset on all Zello accounts the next time users log in to the service.
Because the threat actor managed to access the email addresses and hashed passwords of Zello users, there is a chance that they could crack the hashes to recover the clear-text passwords. They could then perform a ‘credential stuffing’ attack to log in to other sites where the users may also have an account.
All affected users are therefore strongly advised to change their password on any site where they use the same password as their Zello account.