- SonicWall cloud backup breach exposes firewall configuration files of many global customers.
- Attackers brute-forced MySonicWall, risking credential leaks and targeted network intrusions.
- SonicWall urges users to delete backups, rotate secrets, and recreate configurations locally.
All companies using SonicWall’s MySonicWall cloud backup feature had their firewall configuration files exposed in a recent cyberattack, the company admitted.
After initially claiming that “less than 5%” of its customer base was affected, the company revealed the true scale of the incident.
In mid-September 2025, SonicWall warned its firewall customers to reset their passwords after unidentified threat actors forced their way into the company’s MySonicWall cloud service. The service lets SonicWall firewall users (typically businesses and IT teams) back up their firewall configuration files, which can include network rules and access policies, VPN configurations, service credentials (LDAP, RADIUS, SNMP), and administrator usernames and passwords (if stored in the configuration).
Other services intact
In theory, attackers could brute force or decrypt secrets, extract credentials used in firewall-related services, study network topology and rules to bypass defenses more easily, and launch targeted attacks using inside knowledge of the firewall configuration.
“As long as encryption remains in place, possession of these files could increase the risk of targeted attacks,” the notification said. “We are working to notify all affected partners and customers and have released tools to assist with device assessment and remediation.”
At the time, SonicWall claimed that less than 5% of its customers were affected by this incident, which, at worst, would mean 25,000 victims.
However, it now appears that the real number of victims is much higher: SonicWall claims to serve around 500,000 customers worldwide, although that doesn’t mean they all use firewall or cloud backup services.
The company also said the attack did not affect other MySonicWall services or customer devices, but nevertheless urged customers to be vigilant, delete existing cloud backups, change their credentials, rotate shared secrets, and create new backups locally.
Via The Register