SonicWall has confirmed that all customers that used the company's cloud backup service are affected by the security breach last month.
Previously, the vendor stated that the incident "exposed firewall configuration backup files stored in certain MySonicWall accounts," without sharing additional details.
MySonicWall is an online customer portal used for managing product access, licensing, registration, firmware updates, support cases, and cloud backups of firewall configurations (.EXP files).
On September 17, the company warned customers to reset their MySonicWall account credentials to protect their firewall configuration backup files that could be potentially accessed by unauthorized actors who had breached its systems.
To help administrators navigate the risk stemming from the breach, the company provided the essential steps of the reset procedure, which should cover all credentials, API keys, and users' authentication tokens, VPN accounts, and services.
The company provides a checklist "to ensure all relevant passwords, keys, and secrets are updated consistently." Critical actions refer to the following preocedures:
resetting and updating passwords of all local users
reseting temporary access codes (TOTP) for local users
updating passwords on LDAP, RADIUS, or TACACS+ servers
updating the shared secret in all IPSec site-to-site and GroupVPN policies
... continue reading