A brief note to readers regarding an unfortunate development at SonicWall. There was a recent incident in which backup files of the firewall configuration were exposed. While it was initially reported that only a few accounts were affected, it has now been announced that all accounts using cloud backup are affected. Attackers were able to read the configuration information.
Review of the backup incident
On September 17, 2025, SonicWall disclosed an incident in the support article MySonicWall Cloud Backup File Incident in which the backup files of the firewall configuration were accessible to unauthorized persons (see MySonicWall Cloud Backup File Incident: Configuration backup disclosed). At the time, it was stated that only backup files stored in certain MySonicWall accounts were affected. Approximately 5% of accounts were affected. SonicWall warned of the danger that attackers could access the disclosed firewall configuration files and obtain information that could make it significantly easier to exploit firewalls.
Report extended to all accounts
In the support article MySonicWall Cloud Backup File Incident, SonicWall now states that, in collaboration with Mandiant, it has completed its investigation into the scope of the above-mentioned security incident relating to cloud backups. The investigation confirmed that an unauthorized party accessed the firewall configuration backup files of all customers who used SonicWall's cloud backup service.
The backup files contain encrypted login details and configuration data. Although the encryption remains intact, there is a risk of misuse by the attackers who have stolen the files.
SonicWall is in the process of notifying all affected partners and customers and has provided tools to assist with device assessment and recovery. Updated and comprehensive final lists of affected devices are now available on the MySonicWall portal (navigate to "Product Management > Issue List"). Details can be found in the linked support article MySonicWall Cloud Backup File Incident. The Register has published a few sentences on the subject here.
A blog reader emailed me to say that the whole thing was a huge disaster. The list of affected customer devices has now grown from 17 to 112. According to a list provided to the reader, the backups were already "lost" at SonicWall in early July 2025.