SonicWall announced on Wednesday that all customers who used its cloud backup service for storing firewall configuration files were impacted by a recent data breach.
Scope of the Breach
The incident, which occurred in early September 2025, initially appeared to affect fewer than 5% of customers. However, in an October 8 update, the company confirmed that threat actors accessed the preference files for all firewalls configured to back up files to the MySonicWall cloud service.
The accessed files contain encrypted credentials and configuration data. SonicWall warns that possessing these files "could increase the risk of targeted attacks" against users. No further details on the encryption status were immediately provided.
Mitigation and Required Actions
SonicWall is currently notifying all affected partners and customers and has provided tools to help with remediation. The company urges all users to take the following immediate steps:
- Check for Exposure: Log in to the MySonicWall portal and check "Product Management > Issue List" to determine whether devices are listed as 'Active – High Priority' (exposed to the internet), 'Active – Lower Priority' (not internet-exposed), or 'Inactive'.
- Reset Credentials: Customers must reset all their passwords.
- Follow Guidance: Follow the detailed steps in SonicWall's containment and mitigation documentation to fully resolve the vulnerability.
SonicWall has implemented additional security hardening measures and is working with security firm Mandiant to enhance its cloud infrastructure and monitoring systems.

