Cloud Backups of Firewalls Exposed in SonicWall Breach

Hackers Access SonicWall Cloud Firewall Backups, Raising Security Alarms

The420.in Staff

SonicWall has confirmed that an unauthorized party gained access to its cloud backup service, compromising configuration backups of firewall devices. The exposure includes encrypted credentials and configuration data; although the data is encrypted, possession of the files could enable targeted attacks.

What Was Exposed and How Serious It Is

The compromised files belong to customers who use the cloud backup feature. They contain network configurations, firewall rules, and credentials. SonicWall states it is working closely with affected users, pushing remediation tools and urging device assessments. Devices are now categorized by priority: those with internet-facing services are flagged “high priority,” while others are marked “lower priority” or “inactive.”

Initially, SonicWall claimed the breach affected fewer than 5% of its customers. However, investigations revealed that the accessed files could aid attackers in constructing deeper, more precise intrusions into affected networks. The company says it has hardened infrastructure, improved logging, and tightened authentication controls in response.

What Users Must Do Immediately

Customers using the cloud backup service are urged to log in to MySonicWall, check for the presence of backup files, and verify device serial numbers. If any backed-up data is present, users should follow SonicWall’s containment and remediation guidelines, such as resetting credentials, reviewing firewall rules, and scanning for unauthorized changes.

Experts warn that encryption alone is no guarantee when attackers hold both time and data. Weak passwords or reused credentials could be cracked offline. The incident underscores the risk of holding critical network data in cloud backups without robust controls and oversight.
