- SonicWall cloud backup breach exposed firewall config files from many global customers
- Attackers brute-forced MySonicWall, creating a risk of credential leaks and targeted network intrusion
- SonicWall encourages users to delete backups, rotate secrets and recreate configurations locally
All companies using SonicWall's MySonicWall cloud backup feature have had their firewall configuration files exposed in a recent cyberattack, the company has admitted.
After initially claiming that “fewer than 5%” of its customer base was affected, the company has revealed the true scope of the incident.
In mid-September 2025, SonicWall warned its firewall customers to reset their passwords after unnamed threat actors brute-forced their way into the company's MySonicWall cloud service. This tool allows SonicWall firewall users (typically companies and IT teams) to back up their firewall configuration files, including network rules and access policies, VPN configurations, service credentials (LDAP, RADIUS, SNMP) and admin usernames and passwords (if stored in the configuration).
Other services intact
In theory, attackers could brute-force or decrypt the secrets, extract credentials used in services tied to the firewall, learn the network topology and rules (making it easier to bypass defenses) and launch targeted attacks using insider knowledge of how the firewalls are configured.
“While encryption remains in place, possession of these files can increase the risk of targeted attacks,” the message reads. “We are working to notify all affected partners and customers and have released tools to help with device assessment and remedy.”
At that time, SonicWall said fewer than 5% of its customer base was affected by this incident, which would put the number of victims at 25,000 at worst.
However, it seems that the actual number of victims is much larger. SonicWall claims it serves approximately 500,000 customers globally, although that doesn't mean all of them use its firewalls or cloud backup service.
The company also said the attack did not affect other MySonicWall services or customer devices, but still encouraged its customers to be vigilant, delete existing cloud backups, change their credentials, rotate shared secrets and create new backups locally.
Via The Register



