SonicWall confirmed that attackers stole every firewall backup stored in its MySonicWall cloud. The company first claimed fewer than 5% of backups were affected but later admitted the breach reached all customers using the cloud backup feature.

Full Scope of the Attack

Hackers breached the MySonicWall portal and stole every firewall backup file in the cloud. These files contain encrypted credentials and configuration data from customer devices.
Even though the data remains encrypted, experts warn that attackers can analyze these backups to map network structures and plan targeted intrusions.

SonicWall clarified that all users of the cloud backup service must consider their data compromised. Every connected SonicWall firewall requires immediate security attention.

Company Response and Customer Guidance

SonicWall updated its breach report and posted a list of affected serial numbers in the MySonicWall portal. The company urges customers to take immediate steps to secure their systems.

Follow these recommendations:

  • Reset all local user passwords right away.
  • Regenerate and re-enroll Time-Based One-Time Passwords (TOTP).
  • Update credentials for all connected services.
  • Review network configurations and disable unnecessary access points.

SonicWall also promised future updates for users whose devices use cloud backups but do not yet appear on the affected list.

Broader Security Context

This incident adds pressure to SonicWall’s already strained security record. Earlier in the year, researchers found vulnerabilities in the SMA1000 and Central Management Console (CMC) systems that allowed remote code execution.

The Shadowserver Foundation reported over 3,000 SMA100 devices still unpatched, leaving them vulnerable. The SonicWall data breach highlights the urgent need for strong credential management and timely patching.

Conclusion

The SonicWall data breach shows how even encrypted data can become dangerous in the wrong hands. Customers must act quickly to reset passwords, update configurations, and restrict cloud access. With all firewall backups exposed, proactive protection is now the only way to prevent further compromise.

