Article Details

Scrape Timestamp (UTC): 2025-10-09 13:52:41.447

Source: https://thehackernews.com/2025/10/hackers-access-sonicwall-cloud-firewall.html

Original Article Text

Hackers Access SonicWall Cloud Firewall Backups, Spark Urgent Security Checks

SonicWall on Wednesday disclosed that an unauthorized party accessed firewall configuration backup files for all customers who have used the cloud backup service.

"The files contain encrypted credentials and configuration data; while encryption remains in place, possession of these files could increase the risk of targeted attacks," the company said.

It also noted that it's working to notify all partners and customers, adding it has released tools to assist with device assessment and remediation. The company is also urging users to log in and check for their devices.

The development comes a couple of weeks after SonicWall urged customers to perform a credential reset after their firewall configuration backup files were exposed in a security breach impacting MySonicWall accounts.

The list of impacted devices available on the MySonicWall portal has been assigned a priority level to help customers prioritize remediation efforts. The labels are as follows -

It previously stated that the threat actors accessed backup firewall preference files stored in the cloud for less than 5% of its customers, while emphasizing that the credentials within those files were encrypted but that they also included "information that could make it easier for attackers to potentially exploit the related firewall."

Users are advised to follow the steps below with immediate effect -

SonicWall said in cases where customers have used the Cloud Backup feature but no Serial Numbers are shown or only some of the registered Serial Numbers are displayed, it will provide additional guidance in coming days.

Daily Brief Summary

DATA BREACH // SonicWall Data Breach Exposes Cloud Firewall Backup Files

SonicWall disclosed unauthorized access to firewall configuration backup files for customers using its cloud backup service, raising concerns about potential targeted attacks.

The compromised files contain encrypted credentials and configuration data, posing an increased risk despite the encryption.

SonicWall is actively notifying affected partners and customers and has released tools for device assessment and remediation.

Users are urged to log in and verify their devices, with priority levels assigned to assist in remediation efforts.

SonicWall previously stated that the breach affected less than 5% of its customers; the information in the files could facilitate exploitation of related firewalls.

SonicWall advises immediate action for users with cloud backup features, offering further guidance for those with incomplete serial number displays.

This incident follows a recent advisory for customers to reset credentials after exposure of firewall configuration backup files.