Crims bust through SonicWall to grab sensitive config data

SonicWall is telling some customers to reset passwords after attackers broke into its cloud backup service and accessed firewall configuration data.

The network security vendor confirmed the breach in an updated knowledge base article and in a statement to The Register, saying that it recently detected suspicious activity targeting its cloud backup service for firewalls, which it "confirmed as a security incident in the past few days."

Michael Crean, senior vice president of managed security services at SonicWall, told us that "fewer than 5 percent" of its firewall installed base had preference files accessed, though he declined to give an exact number of customers affected.

"While credentials within the files were encrypted, the files also included information that could make it easier for attackers to potentially exploit the related firewall. We are not presently aware of these files being leaked online by threat actors," Crean said, stressing that the incident ...