
SonicWall Breach Exposes All Cloud Backup Customers' Firewall Configs (csoonline.com)

(Friday October 10, 2025 @11:30PM (BeauHD) from the PSA dept.)


An anonymous reader quotes a report from CSO Online:

> On Sept. 17, security vendor SonicWall announced that cybercriminals had stolen backup files configured for cloud backup. At the time, the company claimed the incident was limited to "less than five percent" of its customers. Now, the firewall provider has admitted that "[1]all customers" using the MySonicWall cloud backup feature were affected. According to the company, the stolen files contain encrypted credentials and configuration data. "[W]hile encryption remains in place, possession of these files could increase the risk of targeted attacks," SonicWall warns in its [2]press release.

>

> Security specialist Arctic Wolf also [3]warns of the consequences of the incident. "Firewall configuration files store sensitive information that can be leveraged by threat actors to exploit and gain access to an organization's network," explains Stefan Hostetler, threat intelligence researcher at Arctic Wolf. "These files can provide threat actors with critical information such as user, group, and domain settings, DNS and log settings, and certificates," he adds. Arctic Wolf has previously observed threat actors, including nation-state and ransomware groups, exfiltrating firewall configuration files to use for future attacks.

SonicWall urges all customers and partners to regularly check their devices for updates. Admins can find additional information [4]here.



[1] https://www.csoonline.com/article/4070992/data-leak-at-sonicwall-affects-all-cloud-backup-customers.html

[2] https://www.sonicwall.com/support/knowledge-base/mysonicwall-cloud-backup-file-incident/250915160910330

[3] https://arcticwolf.com/resources/blog/sonicwall-concludes-investigation-incident-affecting-mysonicwall-configuration-backup-files/

[4] https://www.sonicwall.com/support/knowledge-base/remediation-playbook/250916130050523



No surprise (Score:5, Insightful)

by Mr. Dollar Ton ( 5495648 )

The lack of responsible product development will continue until there is adequate responsibility for irresponsible product development.

Yours, Capt. Obvious.

Re: (Score:2)

by Mr. Dollar Ton ( 5495648 )

Alas, that would give us vibe responsibility, not adequate responsibility.

Re: (Score:2)

by gweihir ( 88907 )

Indeed. Real liability or things will just get worse. Economics graduates cannot self-regulate, they will just make things cheaper and cheaper until everything breaks.

For really bad failures (such as this one) I would also like to see _personal_ liability of the c-level fuckup responsible.

Don't be so bloody stupid ... (Score:5, Insightful)

by Alain Williams ( 2972 )

and back up sensitive information like this into someone else's cloud. Yes, it might be easier, but you are just inviting trouble.

Re: (Score:2)

by gweihir ( 88907 )

For some reason, if it makes things cheaper, many "decision makers" prefer the "bloody stupid" approach.

The Cloud is based on Trust. (Score:3)

by oldgraybeard ( 2939809 )

That you won't verify anything the cloud provider tells you.

That is what the cloud is good for (Score:2)

by Revek ( 133289 )

It's good for pissing on you and calling it rain.

Save some time figuring out who to email the alert (Score:2)

by thesjaakspoiler ( 4782965 )

Let's see if they also put all email addresses in the CC field.
