Hackers Breach SonicWall Cloud Firewall Backups, Prompting Urgent Security Reviews

/ Daily Cyber News, Cloud Security, Cybercrime, Exploitation, Network Security, Threat

SonicWall revealed on Wednesday that an unauthorized party gained access to firewall configuration backup files of customers using its cloud backup service. The compromised files contain encrypted credentials and configuration data. While the encryption remains active, possession of these files may increase the risk of targeted attacks

The company is actively notifying all affected partners and customers and has released tools to assist with device assessment and remediation. Users are advised to log in to their accounts and verify their devices.

This announcement follows a recent advisory where SonicWall urged customers to reset credentials after a previous breach affected MySonicWall accounts.

To help customers prioritize remediation, affected devices on the MySonicWall portal have been categorized as follows:

  • Active – High Priority: Devices with internet-facing services enabled
  • Active – Lower Priority: Devices without internet-facing services
  • Inactive: Devices that have not connected for 90 days

Initially, SonicWall claimed that less than 5% of customers were impacted. However, the latest review confirms broader access to backup firewall preference files. Although the credentials remain encrypted, these files contain information that could make firewalls more vulnerable to exploitation.

SonicWall has not disclosed the total number of customers using cloud backup, the start date of the attack, or the identities of the attackers. The company has strengthened its infrastructure, implemented additional logging, and introduced stronger authentication controls to prevent future incidents.

Immediate Steps for Users:

  • Log in to your MySonicWall.com account and check for cloud backups of registered firewalls
  • If fields are blank, there is no impact
  • If backup details are visible, verify whether impacted serial numbers are listed
  • For listed serial numbers, follow the containment and remediation guidelines provided by SonicWall
  • If some or no serial numbers appear for cloud backup users, SonicWall will provide further guidance soon

Related Posts