Cyber Incident Victim: Zello
Date: Jul 2020
Location: United States of America
Summary
The push-to-talk app Zello experienced unauthorized access to a server, potentially compromising user email addresses and hashed passwords, though usernames and certain enterprise accounts remained unaffected. The company initiated an investigation, involved law enforcement and external forensics, and enforced a mandatory password reset for all users to mitigate risks of credential stuffing attacks leveraging exposed data.
Description
On July 8, 2020, Zello detected unauthorized activity on one of its servers, prompting an immediate investigation that included notifying law enforcement and engaging an independent forensics firm. The investigation concluded that an attacker may have accessed email addresses and hashed passwords associated with Zello user accounts. The company did not explicitly confirm database access but indicated this was the probable method of data exposure. The breach affected standard Zello accounts; Zello Work and Zello for First Responders accounts were not compromised. Zello emphasized that usernames were not accessed during the incident, which reduces the likelihood of unauthorized account logins because the platform requires both a username and a password to authenticate.

In response to the breach, Zello enforced a mandatory password reset for all standard accounts at users’ next login. The company warned that attackers could attempt to crack the hashed passwords to recover plaintext credentials, which might then be used in credential stuffing attacks against other services where users reused the same password. Zello advised affected users to change their passwords on any platform that shared credentials with their Zello account and recommended using a unique password for each service, suggesting password managers as a practical way to do so. No evidence indicated misuse of the compromised data before the containment measures took effect. The incident affected an unspecified subset of Zello’s 140 million users; the company did not disclose the exact number of affected accounts or any technical details about the hashing mechanism used to protect passwords.
