SonicWall confirms all of its cloud backup customers were affected by data breach


SonicWall has confirmed that every customer using its MySonicWall cloud backup service had their firewall configuration files exposed in a recent cyberattack. This marks a significant escalation from the company’s initial claim that fewer than 5% of customers were affected.


The breach occurred in mid-September 2025 when threat actors successfully brute-forced their way into SonicWall’s MySonicWall cloud service. This platform enables firewall users—primarily businesses and IT teams—to back up critical configuration files containing network rules, access policies, VPN settings, and service credentials including LDAP, RADIUS, and SNMP data.

According to security experts, possession of these configuration files could allow attackers to decrypt stored secrets, understand network topologies, bypass existing defenses, and launch highly targeted attacks using insider knowledge of firewall configurations. While SonicWall maintains that encryption remains intact, the company acknowledges that the exposure significantly increases the risk of targeted intrusions.

The company is now urging all affected customers to take immediate action by deleting existing cloud backups, rotating all shared secrets and credentials, and creating new backups locally rather than in the cloud environment. SonicWall has also released assessment and remediation tools to help customers secure their systems.


This incident highlights the critical importance of proper credential management and the risks associated with cloud-based configuration backups. As reported by our colleagues at IMD Controls, the breach affects SonicWall’s entire cloud backup customer base, demonstrating how initial breach assessments can sometimes underestimate the true scope of security incidents.

SonicWall services approximately 500,000 customers globally, though not all utilize the firewall or cloud backup features affected by this breach. The company emphasizes that other MySonicWall services and customer devices remain unaffected, but recommends all customers maintain heightened vigilance and review their security posture.
