SonicWall has issued an urgent advisory asking its customers to reset all login credentials. This comes after security researchers discovered that configuration backup files from the company’s MySonicWall platform were inadvertently exposed on public storage. These files contained sensitive data, including encrypted passwords, pre-shared keys, and TLS certificates, which threat actors could exploit to decrypt credentials and gain unauthorized access to organizational networks.
The company’s advisory, published in a knowledge base article on September 17, confirmed that firewall configuration backup files in some MySonicWall accounts had been improperly accessible online. These files are known to contain a range of sensitive information, such as user settings, VPN keys, and SSL certificates. Historically, both ransomware groups and nation-state actors have leveraged similar exfiltrated configuration files to plan and execute subsequent attacks.
While SonicWall has successfully contained the exposure and is collaborating with law enforcement, the company is still cautioning that organizations using its cloud backup feature should act quickly to prevent any potential unauthorized access. The risk of these exposed files being used maliciously is a serious concern, as they could provide a direct pathway into a company’s internal network.
For customers whose specific serial numbers were impacted by this incident, SonicWall has placed an informational banner on their MySonicWall accounts. This direct notification is intended to ensure that the most vulnerable customers are aware of the threat and can take immediate action.
For other users who may have enabled the cloud backup feature but do not see a specific serial number listed as impacted, SonicWall has stated that additional guidance will be forthcoming. The company’s goal is to ensure all customers who may be at risk are provided with the necessary information to secure their networks and mitigate any potential damage.