Connect with Us!
Subscribe to receive new blog post from PureID in your mail box
Zello, the widely-used push-to-talk app, is once again under scrutiny for its handling of user security. Recently, the company required users to reset their passwords, citing concerns that point to either a credential-stuffing attack or a potential data breach. With 175 million users spanning sectors like emergency response and hospitality, this incident has raised significant questions about the platform’s security measures.
On November 15, 2024, Zello warned users whose account creation date was before November 2nd to change their password. While the exact incident is not known, evidence suggests that:
This measure aims to mitigate risks to affected accounts.
In 2020, Zello faced a similar challenge:
Data Breach in 2020:
While the company achieved ISO 27001 certification in September 2024—a certification enforcing strict information security procedures—the recurrence of such incidents questions the strength of Zello's defenses.
If confirmed, such a breach or an attack might empower cybercriminals to:
Zello users should take the following steps to safeguard their accounts immediately:
With passwordless solutions like PureAuth, organizations can eliminate vulnerabilities altogether, ensuring security by design and default.
The latest security incident at Zello serves as a grim reminder of the changing cyber threats that organizations face. Though breaches may not always be avoidable, proactive measures like enforcing password resets and adopting robust access management solutions can go a long way in mitigating risks.
By going passwordless, facilitated by solutions like PureAuth, businesses can ensure user credentials and data are secure by default and design, protecting against future incidents.
Subscribe to receive new blog post from PureID in your mail box