SonicWall reports that firewall configurations of all its customers using cloud backups may have been exposed.
SonicWall has confirmed that all customers using its cloud backup service have been affected by last month’s security incident. Previously, the company only reported that “firewall configuration files from certain MySonicWall accounts may have been exposed,” without providing further details.
Backups of Firewalls Exposed
SonicWall’s cloud backup service is used to store firewall configurations in so-called .EXP files. These configurations contain settings, keys, and authentication data. The investigation revealed that an unauthorized actor gained access to all firewall backups stored in the cloud.
Although the files are encrypted with AES-256, SonicWall warns that the exposed information could be misused to penetrate the affected firewalls more easily.
Users Must Reset Passwords and Keys
SonicWall advises all customers to immediately reset all passwords, API keys, and authentication tokens. According to Bleeping Computer, the company published a comprehensive checklist with crucial steps:
- change the passwords of local users
- reset time-based one-time password (TOTP) codes
- update shared keys in IPSec and VPN policies
- change the passwords on L2TP/PPPoE/PPTP WAN interfaces
- set up a new Cloud Secure Edge API key
In addition, SonicWall asks administrators to prioritize their firewalls and to regularly check the list of issues in the MySonicWall portal for risks. The investigation has been completed, but SonicWall still recommends continuing to monitor security notifications in the coming weeks.