Why It Matters
The exposure of millions of firewall configuration files and credentials creates a broad attack surface that could enable downstream compromises across many enterprises, underscoring the heightened risk posed by state-sponsored actors targeting cloud backup services. The incident forces organizations to reevaluate their backup security and credential management practices.
Summary
SonicWall confirmed that a state‑sponsored threat actor accessed its MySonicWall cloud backup service via an API call, compromising backup files for up to 500,000 customers worldwide. The breach, initially reported as affecting fewer than 5% of clients, was later said to impact all customers, though SonicWall says its products, firmware, source code and customer networks remain untouched. The stolen data includes firewall configurations, VPN settings and credentials that could be leveraged for further attacks. SonicWall is working with Mandiant and other security firms to remediate the incident and harden its cloud infrastructure.
SonicWall blames state hackers for damaging data breach
