SonicWall Urges Customers to Reset Credentials After MySonicWall Backups Were Exposed
In a recent warning to its customers, SonicWall has advised users to reset their credentials due to the exposure of firewall backup files tied to MySonicWall accounts. The company has confirmed that threat actors successfully accessed these backup files for fewer than 5% of its firewall install base, compromising sensitive information that could be used to exploit related firewalls.
The breach was detected by SonicWall's security teams after they identified suspicious activity targeting the cloud backup service for firewalls. An investigation revealed that the attackers had gained access to the preference files stored in the cloud, which included encrypted credentials as well as other potentially exploitable information.
Despite the risk, SonicWall assures customers that no files were leaked online by the threat actors. However, the breach still poses significant risks, and the company is urging users to take immediate action to secure their accounts.
Affected Customers: Know Your Risks
SonicWall firewalls with preference files backed up to MySonicWall.com are impacted by this incident. To determine if your firewall is affected, check if cloud backups are enabled on your account. If they are not, there's no risk. However, if you have enabled cloud backups, look for flagged serial numbers, which indicate affected firewalls that require immediate remediation.
Customers who have used backups but do not see any flagged devices can expect further guidance from SonicWall soon. Meanwhile, the company recommends importing new preference files during maintenance windows or off-hours to minimize downtime. Note that this process will reboot the firewall immediately and disrupt certain features such as IPsec VPNs, TOTP bindings, and user access.
Resetting Credentials: A Necessary Step
SonicWall has created a modified preferences file from the latest version found in cloud storage to update potentially exposed parameters. However, customers cannot simply import this new file; they must follow the company's guidance to manually reset their credentials in SonicOS.
Resetting credentials is essential to ensure the security and integrity of your firewall. Follow SonicWall's instructions carefully to minimize potential risks and protect your network from exploitation by threat actors.
Stay Informed: What to Expect Next
SonicWall will continue to work with cybersecurity experts and law enforcement agencies to determine the scope of the breach and provide further guidance to affected customers. Stay tuned for updates on this developing story and follow SonicWall's official channels for the latest information.
Remember, the security of your firewall is crucial to protecting your network from potential threats. Take proactive steps to secure your account and follow SonicWall's recommendations to minimize risks. By doing so, you'll be better equipped to respond to this incident and safeguard your organization against future attacks.