Overview
- SonicWall now says unauthorized actors accessed configuration backup files for every customer who used the MySonicWall cloud backup feature.
- The company published updated impacted‑device lists in the portal’s Product Management → Issue List with priority labels for internet‑facing, non‑internet‑facing, and inactive units.
- The stolen files contain encrypted credentials and detailed configuration data. SonicWall says there is no evidence of production firewall compromise to date, but the risk of targeted attacks is elevated.
- SonicWall reversed its September 17 estimate that fewer than 5% were affected after completing an investigation with Mandiant.
- Customers are instructed to reset credentials, rotate VPN pre‑shared keys and TOTP, and import new preference files. SonicWall warns that these steps can disrupt VPNs and user access and may require maintenance windows.