SonicWall, a major provider of network security solutions, has alerted users about a recent data breach. The incident affected the cloud backups of its firewall preference files for a small percentage of its customers.
During the security incident, hackers gained access to these cloud-based backup files. These files contain sensitive information, including usernames, passwords, and other configuration details for services running on SonicWall devices. While the exposed credentials were encrypted, the company is urging affected customers to reset them as a precaution.
CISA Issues Alert
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about the breach. According to CISA, a malicious actor used "brute force techniques" to gain access to a subset of customers' cloud backups via the MySonicWall.com web portal.
All SonicWall customers are advised to log in to their accounts to check if their devices have been impacted. The company is recommending a full credential reset for any affected devices, as well as following other mitigation measures.
Targeted Ransomware Campaign
Even before this breach, hackers have been targeting SonicWall firewalls. Security researchers at Arctic Wolf have warned of a targeted ransomware campaign, specifically by the Akira Ransomware group, that has been exploiting other vulnerabilities in SonicWall SSLVPNs since late July 2025.
SonicWall's guidance now includes updated indicators of compromise. The company is urging users to update their firmware, reset local user account passwords, and apply other security best practices to protect their systems.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
