
SonicWall Cloud Backup Users Hit by Major Data Breach

Summary

– SonicWall announced that all customers using its cloud backup service for firewall configuration files were affected by a recent data breach.
– The breach occurred in early September. Hackers were initially thought to have accessed the files of fewer than 5% of customers, but the breach was later found to affect all firewalls configured for cloud backup.
– The compromised files contain encrypted credentials and configuration data, which could increase the risk of targeted attacks despite the encryption.
– SonicWall is notifying affected customers, providing tools for remediation, and has published a list of impacted devices categorized by priority in the MySonicWall portal.
– Customers are urged to log in, check for cloud backups, reset passwords, and follow containment steps to mitigate risks from the breach.

A significant data breach has impacted every SonicWall customer who utilized the company’s cloud backup service for storing firewall configuration files. The security incident, which took place in early September, was publicly disclosed several weeks later. Initially, SonicWall reported that hackers had gained access to backup firewall preference files belonging to fewer than five percent of its user base. However, a subsequent update revealed a much broader scope, confirming that threat actors successfully accessed the preference files for all firewalls set to back up data to the MySonicWall cloud service.

These compromised files hold encrypted credentials along with configuration data. Although the encryption remains intact, SonicWall cautions that simply possessing these files could elevate the risk of highly targeted attacks against affected organizations. The company is actively reaching out to all partners and customers caught up in the breach and has rolled out new tools designed to assist with evaluating the situation and implementing corrective measures.

To help users identify affected equipment, SonicWall has posted a detailed list of impacted devices within the MySonicWall portal. Customers can find this list by going to Product Management and then selecting Issue List. Each device entry is tagged with a specific priority level: ‘Active – High Priority’ for units connected directly to the internet, ‘Active – Lower Priority’ for those not internet-exposed, and ‘Inactive’ for any device that hasn’t communicated with SonicWall’s servers in the past ninety days.

SonicWall strongly urges every partner and customer to log into their accounts immediately and review the status of their registered devices. In response to the breach, the company has enacted additional security hardening protocols and is collaborating with cybersecurity firm Mandiant to strengthen its cloud infrastructure and monitoring capabilities further.

For individuals managing SonicWall firewalls, the recommended course of action involves logging into MySonicWall.com to check for any existing cloud backups associated with their firewalls. Should backups be present, verifying the device serial numbers is essential to determine potential exposure. As a critical security step, all users are advised to reset their passwords without delay and carefully follow the containment and mitigation guidance provided by SonicWall to contain the risk from the breach.

(Source: Security Week)
