• Business

    SonicWall customers told to reset credentials following firewall data breach

    AnyFans Posted on

    By Sead Fadilpašić

    Copyright techradar

    SonicWall customers told to reset credentials following firewall data breach

    Skip to main content

    Tech Radar Pro

    Tech Radar Gaming

    Close main menu

    the business technology experts

    België (Nederlands)

    Deutschland

    North America

    US (English)

    Australasia

    New Zealand

    View Profile

    Search TechRadar

    Expert Insights

    Website builders

    Web hosting

    Best web hosting
    Best office chairs
    Best website builder
    Best antivirus
    Expert Insights

    Don’t miss these

    SonicWall VPNs are being targeted by a new zero-day in ransomware attacks

    Hacker using backdoor to exploit SonicWall Secure Mobile Access to steal credentials

    SonicWall warns of fake VPN apps stealing user logins and putting businesses at risk – here’s what we know

    Fortinet VPNs under attack from potential zero-day – FortiSIEM security tools also at risk, so be on your guard

    Even Cloudflare isn’t safe from Salesloft Drift data breaches

    Palo Alto Networks becomes the latest to confirm it was hit by Salesloft Drift attack

    Hackers are exploiting a critical RCE Flaw in a popular FTP server — here’s what you need to know

    This devious ransomware is able to hijack your system to turn off antivirus

    All Plex users should reset passwords in wake of data breach

    Top file transfer tool CrushFTP says a thousand servers are still vulnerable to cyberattack, so patch now

    Is your company firewall up to scratch? Study reveals a shocking number of firms might be at risk

    Zscaler says it suffered data breach following Salesloft Drift compromise

    Tencent Cloud denies sites breached to expose valuable data

    “No evidence” – here’s why the massive 16 billion record data breach may not be as bad as first thought

    Passwordstate users should patch this auth bypass vulnerability immediately, company says

    SonicWall customers told to reset credentials following firewall data breach

    Sead Fadilpašić

    19 September 2025

    SonicWall suffered a brute-force attack

    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

    (Image credit: Getty Images)

    Threat actors brute-forced SonicWall’s cloud portal, accessing encrypted firewall configuration backups
    Up to 25,000 organizations may be affected; SonicWall urges immediate credential resets
    No data leaks yet confirmed; but third-party experts and law enforcement are now involved

    SonicWall is urging its firewall customers to reset their passwords after confirming it suffering a security incident which may have exposed their data.

    In a security announcement, SonicWall outlined how unnamed threat actors brute-forced their way into the company’s MySonicWall cloud service.
    This tool allows SonicWall firewall users (typically businesses and IT teams) to back up their firewall configuration files, including network rules and access policies, VPN configurations, service credentials (LDAP, RADIUS, SNMP), or admin usernames and passwords (if stored in config).

    You may like

    SonicWall VPNs are being targeted by a new zero-day in ransomware attacks

    Hacker using backdoor to exploit SonicWall Secure Mobile Access to steal credentials

    SonicWall warns of fake VPN apps stealing user logins and putting businesses at risk – here’s what we know

    Thousands of potential victims
    “While credentials within the files were encrypted, the files also included information that could make it easier for attackers to potentially exploit the related firewall,” the company explained.

    In theory, the attackers could brute-force or decrypt the secrets, extracting credentials used in services tied to the firewall, understand network topology and rules – bypassing defenses more easily, and launch targeted attacks using insider knowledge on how the firewalls are configured.
    SonicWall said “fewer than 5%” of its customer base was affected by this attack – however the latest figures from the company claims it services roughly 500,000 customers globally, (although that doesn’t mean that all of them are using firewall, or cloud backup services) – so, the worst case scenario would put the number of affected organizations at around 25,000.
    So far, no groups claimed responsibility for this attack, and the data has not surfaced anywhere on the dark web.

    Are you a pro? Subscribe to our newsletter
    Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
    Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.
    “We are not presently aware of these files being leaked online by threat actors,” SonicWall explained. ”This was not a ransomware or similar event for SonicWall, rather this was a series of brute force attacks aimed at gaining access to the preference files stored in backup for potential further use by threat actors.”
    After the breach, SonicWall managed to oust the attackers and has brought in third-party security experts to bolster its defenses. Law enforcement has also been notified.
    Via BleepingComputer
    You might also like

    This long-exposed SonicWall flaw is being used to infect organizations with Akira ransomware – so patch now
    Take a look at our guide to the best authenticator app
    We’ve rounded up the best password managers

    Sead Fadilpašić

    Social Links Navigation

    Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

    You must confirm your public display name before commenting

    Please logout and then login again, you will then be prompted to enter your display name.

    SonicWall VPNs are being targeted by a new zero-day in ransomware attacks

    Hacker using backdoor to exploit SonicWall Secure Mobile Access to steal credentials

    SonicWall warns of fake VPN apps stealing user logins and putting businesses at risk – here’s what we know

    Fortinet VPNs under attack from potential zero-day – FortiSIEM security tools also at risk, so be on your guard

    Even Cloudflare isn’t safe from Salesloft Drift data breaches

    Palo Alto Networks becomes the latest to confirm it was hit by Salesloft Drift attack

    Latest in Security

    VPS servers hijacked into malware proxies – here’s how to stay safe

    Most companies admit their current security can’t stop AI cybercrime

    CrowdStrike snaps up Pangea to boost AI security

    Top VC firm is warning thousands their data may have been hacked – here’s how to stay safe

    New York Blood Center data breach sees 200,000 affected – and you might not even know you’ve been hit

    Scattered Spider hackers return to hit more victims – despite retirement claims

    Latest in News

    The end of Nest? Google’s mysterious speaker stars in new leak that hints at smart home shakeup

    Peacemaker star Frank Grillo breaks down Rick Flag Sr’s brutal beatdown of Chris Smith in season 2 episode 6: ‘It’s like a volcano erupting’

    Over half of SMB employees say they’re considering quitting – so how can bosses keep their best talent?

    Data sovereignty is becoming a bigger challenge than ever – so what steps can businesses take?

    I couldn’t decide between the iPhone 17 Pro and iPhone Air, so I bought both – which one should I keep?

    New trailer for Peacemaker drops a big clue that Chris Smith is about to learn the truth about the ‘best dimension ever’

    LATEST ARTICLES

    VPS servers hijacked into malware proxies – here’s how to stay safe

    Microsoft announces “world’s most powerful data center” in latest billion-dollar AI spending splurge

    Peacemaker star Frank Grillo breaks down Rick Flag Sr’s brutal beatdown of Chris Smith in season 2 episode 6: ‘It’s like a volcano erupting’

    ‘I actually took a call on a jet-ski a few weeks ago… you can basically stand in a wind tunnel’: Mark Zuckerberg may have just solved my biggest open-ear headphone problem with the Oakley Meta Vanguard smart glasses

    The end of Nest? Google’s mysterious speaker stars in new leak that hints at smart home shakeup

    TechRadar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site.

    Contact Future’s experts

    Terms and conditions

    Privacy policy

    Cookies policy

    Advertise with us

    Web notifications

    Accessibility Statement

    Future US, Inc. Full 7th Floor, 130 West 42nd Street,

    Please login or signup to comment

    Please wait…

    You Might Also Like