
- SonicWall cloud backup breach exposed firewall config files of many global customers
- Attackers brute-forced MySonicWall, risking credential leaks and targeted network intrusions
- SonicWall urges users to delete backups, rotate secrets, and recreate configurations locally
All companies using SonicWall’s MySonicWall cloud backup feature have had their firewall configuration files exposed in a recent cyberattack, the company has admitted.
After initially claiming “fewer than 5%” of its customer base was affected, the company has revealed the true scale of the incident.
In mid-September 2025, SonicWall warned its firewall customers to reset their passwords after unnamed threat actors brute-forced their way into the company’s MySonicWall cloud service. This tool allows SonicWall firewall users (typically businesses and IT teams) to back up their firewall configuration files, including network rules and access policies, VPN configurations, service credentials (LDAP, RADIUS, SNMP), or admin usernames and passwords (if stored in config).
Other services intact
In theory, the attackers could brute-force or decrypt the secrets to extract credentials used in services tied to the firewall, study the network topology and rules to bypass defenses more easily, and launch targeted attacks using insider knowledge of how the firewalls are configured.
“While encryption remains in place, possession of these files could increase the risk of targeted attacks,” the notification reads. “We are working to notify all impacted partners and customers and have released tools to assist with device assessment and remediation.”
At the time, SonicWall said that fewer than 5% of its customer base was affected by this incident which, at worst, would put the number of victims at 25,000.
However, it now seems that the actual number of victims is a lot greater – SonicWall claims it services roughly 500,000 customers globally, although that doesn’t mean that all of them are using its firewall or cloud backup services.
The company also said the attack did not affect other MySonicWall services, or customer devices, but still urged its customers to be vigilant, delete existing cloud backups, change their credentials, rotate shared secrets, and recreate new backups locally.
Via The Register