Excerpt from DarkReading Article, Published on September 18, 2025
SonicWall recently disclosed a significant security breach in which unknown attackers gained unauthorized access to cloud-stored firewall configuration backup files belonging to less than 5% of its firewall customer base. The breach occurred through brute-force attacks targeting SonicWall’s MySonicWall cloud backup service. While the credentials within these backup files were encrypted, the attackers accessed sensitive configuration data, including system settings, network, and firewall rules, that could potentially help them exploit the related firewalls.
SonicWall confirmed it is unaware of any leaked backup files online but stressed the importance of resetting passwords and revoking compromised credentials to safeguard customer networks. The company immediately disabled the backup access feature and is working with cybersecurity experts and law enforcement to further investigate the incident.
This breach adds to SonicWall’s challenging year, which has also seen exploitation of vulnerabilities in its firewall and VPN products. Customers with backups enabled in MySonicWall are particularly urged to follow the containment and remediation steps shared by SonicWall, including limiting remote access, resetting passwords, and monitoring for suspicious activity.
The incident highlights the growing threats against cybersecurity vendors and underscores the critical need for robust security practices on both vendor and customer sides. SonicWall remains committed to transparency and supporting affected users through timely notifications and guidance. Customers can check their MySonicWall accounts for flags indicating if their firewall configurations were compromised.