23.09.2025
2 min
498
SonicWall, a well-known VPN and firewall provider, reported unauthorized access to its cloud backup service. Hackers were able to obtain firewall configuration files containing critical data: usernames, VPN passwords, tokens, and service configurations.
SonicWall, a well-known VPN and firewall provider, reported unauthorized access to its cloud backup service. Hackers were able to obtain firewall configuration files containing critical data: usernames, VPN passwords, tokens, and service configurations.
The company stressed that while all credentials were encrypted, customers are advised to change their passwords and access keys immediately. The vulnerability affected less than 5% of installed devices, but experts warn that even encrypted data could become the basis for further attacks.
CISA explained in its statement that attackers used brute force attacks against the MySonicWall.com portal, gaining access to some of the client backups. Vulnerable devices can become entry points for larger attacks.
The new incident puts SonicWall in an even more difficult position: despite claims of a “limited scope” of the problem, the event once again proved that even cloud backup services can become a weak point in protecting corporate networks.
The SonicWall incident highlighted how critical it is for companies to respond quickly to configuration data breaches. Even if passwords are encrypted, simply accessing backups poses high risks. Users should update firmware, reset all accounts, and check logs for suspicious activity. The cybersecurity industry should take this attack as another reminder that backups require the same attention and protection as the primary data.
