SonicWall has confirmed that all customers using its cloud backup service to store firewall configuration files were affected by a recent data breach.
The breach, which occurred in early September and was initially reported weeks later, was originally believed to have impacted less than 5% of customers. However, a new update on October 8 revealed that threat actors accessed configuration files for all firewalls backed up to the MySonicWall cloud service.
“The files contain encrypted credentials and configuration data; while encryption remains in place, possession of these files could increase the risk of targeted attacks,” the company has warned in an advisory.
The vendor is actively notifying affected customers and partners, and has released assessment and remediation tools. A list of impacted devices is now available in the MySonicWall portal under Product Management > Issue List.
SonicWall is urging all users to log into their MySonicWall accounts to verify if their devices are at risk. Customers should also reset all passwords and follow the company's containment and mitigation guidelines.
