Red Hot Cyber

SonicWall confirms data breach. Cloud backup service customers at risk.

Redazione RHC : 11 October 2025 08:27

SonicWall confirmed that a data breach last month affected all customers using the company’s cloud backup service. As a result, firewall configurations stored on MySonicWall were compromised.

MySonicWall is a portal for SonicWall customers that allows them to manage product access, licensing, registration, firmware updates, support requests and cloud backups of firewall configurations (.EXP files).

Users are advised to immediately follow the steps below:

  • Log in to your MySonicWall.com account and check if there are cloud backups for your registered firewalls.
  • If the fields are empty, there is no impact.
  • If the fields contain backup details, check whether the affected serial numbers are listed in the account
  • If serial numbers are displayed, users should follow the containment and recovery guidelines for the listed firewalls.

In mid-September 2025, SonicWall urged its customers to change their login credentials as soon as possible, as a cyberattack on MySonicWall accounts had compromised firewall configuration backup files.

At the time, details of the attack were not disclosed, and SonicWall said it had blocked the attackers’ access to the company’s systems and was already cooperating with cybersecurity agencies and law enforcement.

The company has published detailed recommendations designed to help administrators minimize the risk of stolen configurations being exploited. Specifically, it recommends reconfiguring potentially compromised secrets and passwords as soon as possible and monitoring for potential attacker activity.

At the time, the provider reported that about 5% of its total customers used the cloud backup service, but the attack had only affected “a few accounts.”

In an update released this week, SonicWall warned that the incident affected all customers using a cloud portal to store firewall configuration files.

SonicWall has completed its investigation, conducted in collaboration with leading customer relationship management company Mandiant, into the scope of a recent cloud backup security incident. The investigation confirmed that an unauthorized party accessed the firewall configuration backup files of all customers using SonicWall’s cloud backup service. The files contain encrypted credentials and configuration data; while encryption remains in effect, possession of these files could increase the risk of targeted attacks. We are working to notify all affected partners and customers and have released tools to support device assessment and troubleshooting. The final, updated and complete lists of affected devices are now available on the MySonicWall portal (go to Product Management > Problem List).

Notably, the compromised files contain credentials and configuration data encrypted with AES-256.

Users can check if their devices are affected by logging into MySonicWall and going to Product Management -> Issue List. If any pending issues exist, users should follow the steps outlined in the Essential Credential Reset guide, prioritizing active firewalls with internet access.

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.
