All SonicWall Cloud Backup Users Had Firewall Configurations Stolen


SonicWall on Wednesday announced that all customers who used its cloud backup service to store firewall configuration files were impacted by a recent data breach.

The incident occurred in early September and was disclosed a couple of weeks later, when SonicWall said hackers had accessed the backup firewall preference files of fewer than 5% of its customers.

In an October 8 update, the company said the threat actors accessed the preference files of all firewalls that were configured to back up the files to the MySonicWall cloud backup service.

“The files contain encrypted credentials and configuration data; while encryption remains in place, possession of these files could increase the risk of targeted attacks,” SonicWall warns.

The company says it is in the process of notifying all affected partners and customers, and has released tools to aid with assessment and remediation efforts.

SonicWall has published a list of impacted devices to the MySonicWall portal, and customers can access it by navigating to Product Management > Issue List.

Each device is identified as either ‘Active – High Priority’, meaning it is exposed to the internet, ‘Active – Lower Priority’, if the device is not exposed to the internet, or ‘Inactive’, if it has not pinged home for 90 days.

“We urge all partners and customers to log in and check for their devices. SonicWall has implemented additional security hardening measures and is working closely with Mandiant to further enhance its cloud infrastructure and monitoring systems,” the company notes.

All customers should log in to their MySonicWall.com accounts and check if there are cloud backups for their registered firewalls. If such backups exist, customers should check the device serial numbers to determine if the firewalls are at risk.

The company urges customers to reset all their passwords and to follow the steps described in its containment and mitigation documentation to resolve the issue.


About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.