
"In September 2025, SonicWall reported a data breach of its cloud backup service, stating that fewer than 5% of its customers were affected. At the time, the issue appeared contained and under investigation. That changed today after SonicWall and incident response firm Mandiant confirmed that the attackers had accessed backup configuration files for every customer using the service."
"The breach began with a brute force attack targeting the MySonicWall cloud backup API, which stores encrypted firewall configuration files. These files include detailed network rules, credentials and routing data used to restore or replicate SonicWall firewalls. While the passwords and keys remain encrypted, the attackers now hold complete configuration data that could be valuable for mapping or exploiting customer networks."
"The investigation confirmed that an unauthorised party accessed firewall configuration backup files for all customers who have used SonicWall's cloud backup service. The files contain encrypted credentials and configuration data; while encryption remains in place, possession of these files could increase the risk of targeted attacks."
In September 2025 SonicWall reported a data breach of its cloud backup service and initially said fewer than 5% of customers were affected. Subsequent analysis confirmed attackers accessed backup configuration files for every customer who used the cloud backup service. The breach began with a brute force attack against the MySonicWall cloud backup API that stores encrypted firewall configuration files. Those backups include detailed network rules, credentials and routing data used to restore or replicate SonicWall firewalls. Although passwords and keys in the files remain encrypted, possession of complete configurations increases the risk of targeted mapping and exploitation of customer networks.
Read at DataBreaches.Net