[German]Brief note to readers who use SonicWall and have not yet received this information today. There was an incident in which backup files of the firewall configuration stored in certain MySonicWall accounts were exposed in the cloud. This allowed attackers to read the configuration information.
Advertising
Blog reader Adrian W. informed me via email about the incident (thanks for that), which was disclosed by SonicWall on September 17, 2025, in the support article MySonicWall Cloud Backup File Incident.
Backup files disclosed on MySonicWall.com
According to the vendor, the incident exposed backup files of the firewall configuration stored in certain MySonicWall accounts. According to SonicWall, there is a risk that the attacker could access the exposed firewall configuration files, which could contain information that would make it significantly easier to exploit firewalls.
When this incident was noticed, SonicWall investigated the matter and ultimately curtailed the unauthorized access to MySonicWall accounts. However, the configuration files had already been leaked and are now in the hands of the attackers, even though SonicWall has been cooperating with law enforcement agencies and selected cybersecurity authorities worldwide.
Affected MySonicWall.com users must take action!
SonicWall firewalls with preference files backed up on MySonicWall.com are affected. Due to the sensitivity of the configuration files, SonicWall strongly recommends that affected customers take the following measures immediately:
- Check whether cloud backups are enabled. If not, you are not at risk. If so, proceed to the next step.
- If cloud backup is enabled, check whether your account belongs to the affected serial numbers (these are marked in a banner after logging in).
If you are affected, follow the guidelines for containment and remediation (see here). SonicWall plans to provide additional instructions in the coming days to determine whether your backup files are affected.
Advertising
Advertising
