SonicWall warned customers to reset credentials after their firewall configuration backup files were exposed in a security breach that impacted MySonicWall accounts. After detecting the incident, SonicWall has cut off the attackers’ access to its systems and has been collaborating with cybersecurity and law enforcement agencies to investigate the attack’s impact.
The consequences of the incident could be dire, as these exposed backups might give threat actors access to sensitive information, such as credentials and tokens, for any or all services running on SonicWall devices on their networks.
Affected Products
SonicWall states that firewall configuration backup files stored in certain MySonicWall accounts were affected, but the full scope of this incident hasn’t been fully detailed by SonicWall at this time. Based on SonicWall’s current advisory, the incident affects SonicWall customers that have backed up configuration files to MySonicWall.
What You Should Do
- Disable or restrict WAN access before making changes.
- Reset all credentials, API keys, and authentication tokens (VPN, services, accounts).
- Update related passwords and secrets (ISP, DNS, email, LDAP/RADIUS, etc.).
- Review SonicWall’s Essential Credential Reset bulletin for the full checklist. (Info Below)
It is recommended that organizations monitor SonicWall’s advisory page for up-to-date details on this incident. They provide a list of recommendations to help identify and remediate devices that are affected. Additionally, SonicWall has set up a dedicated support team to help organizations remediate this security incident. If you need assistance, log in to MySonicWall and open a new case.
Admiral Managed Services Clients, this has been taken care of for you! If you are a Managed Protection Service Suite customer (MPSS) then this was taken care of by the SonicWALL Managed Security team within 24 hours of the announcement.
If you have questions or need assistance, contact a member of the Admiral team.
