SonicWall breach hit every cloud backup customer, not 5%

"In an updated statement published on Wednesday, the Texas-based network security vendor said its investigation had determined that "all customers" who utilized the MySonicWall cloud backup feature were affected, confirming that attackers had accessed configuration backup files stored on its systems. These backups typically include firewall settings, policies, and network configurations, making them a valuable target for anyone seeking to map internal infrastructure or pivot into connected environments."
"When SonicWall first disclosed the breach on 17 September, it claimed the incident was limited to "less than 5 percent" of customers. At the time, the company said it had detected "suspicious activity" against the cloud backup environment used by its next-generation firewalls and promptly disabled the service "out of an abundance of caution.""
"That initial reassurance now appears premature. SonicWall's latest post-mortem, which follows an independent investigation and external forensics review, confirms that the attackers successfully accessed data belonging to every customer who had ever used the cloud backup service, regardless of when their backups were created. While SonicWall insists the intrusion did not affect other MySonicWall services or customer devices, it's urging administrators to treat the incident seriously."
SonicWall confirmed that attackers accessed configuration backup files stored in the MySonicWall cloud backup service, impacting all customers who used that feature. The compromised backups include firewall settings, policies, and network configurations, which can enable mapping of internal infrastructure or lateral movement. SonicWall initially reported fewer than 5% of customers affected, but an independent investigation and external forensics review found the breach affected every customer who ever used the service. SonicWall advised customers to delete cloud backups, change MySonicWall credentials, rotate shared secrets and passwords, and recreate backups locally rather than in the cloud.
Read at The Register