The push-to-talk app, Zello, has disclosed a data breach that revealed user’s email addresses and hashed passwords after discovering unauthorized activity on their systems. Zello is forcing a mandatory password reset on all Zello accounts the next time they log into the service. As the threat actor gained access to the email addresses of Zello users, they can potentially crack the password. The hacker can then utilize the list of email addresses in a ‘credential stuffing attack’ where the attackers try to log into other sites that the users may also have an account.
Source: https://www.bleepingcomputer.com/news/security/zello-resets-all-user-passwords-after-data-breach/