Security firm SonicWall has revealed that an unauthorized party gained access to its cloud backup files containing firewall configuration data and encrypted credentials for all customers using its cloud backup service. Although the encryption remains intact, possession of these files could escalate the risk of targeted attacks.
The company is working to notify impacted partners and customers and has released tools to aid with device assessment and remediation. It urges users to log in to their MySonicWall accounts and check for any affected devices. The development comes after a recent security breach that compromised MySonicWall accounts, prompting a credential reset.
A list of impacted devices is available on the MySonicWall portal, labeled as Active (High Priority), Inactive, or Lower Priority based on their internet-facing services status. SonicWall has since taken steps to harden its infrastructure and strengthen authentication controls to prevent similar incidents in the future.
Users are advised to take immediate action by logging into their accounts and verifying if cloud backups exist for their registered firewalls. If backups are found, users should follow containment and remediation guidelines specific to their affected serial numbers.
Source: https://thehackernews.com/2025/10/hackers-access-sonicwall-cloud-firewall.html