Data breaches keep happening, and too often, they come down to companies failing to take cybersecurity seriously. Some of the biggest breaches have been caused by negligence, and now there’s another major one to add to the list. Mars Hydro, a Chinese company that makes Internet of Things (IoT) devices like LED lights and hydroponics equipment, left a massive database unprotected online. As a result, 2.7 billion records were exposed to anyone who knew where to look.
What happened?
Mars Hydro, a Chinese manufacturer of IoT devices, suffered a massive data breach after a publicly accessible, unprotected database containing nearly 2.7 billion records was discovered online. The 1.17-terabyte database was not password-protected or encrypted, exposing a massive amount of sensitive information related to the company’s smart devices, including LED grow lights and hydroponic equipment.
The database contained logging, monitoring, and error records for IoT devices sold worldwide. Among the exposed data were Wi-Fi network names (SSIDs), Wi-Fi passwords, IP addresses, device ID numbers, and other details linked to user devices and the Mars Pro IoT software application. Plus, internal records referenced LG-LED SOLUTIONS LIMITED, a California-registered company, as well as Spider Farmer, which produces agricultural equipment.
Security researcher Jeremiah Fowler identified the database and immediately sent a responsible disclosure notice to LG-LED SOLUTIONS and Mars Hydro. Within hours, public access to the database was restricted.
It remains unclear how long the database was publicly accessible or whether any unauthorized parties accessed the data before its restriction. The only way to confirm potential access or misuse would be through an internal forensic audit, but no such investigation has been publicly disclosed.
THE HIDDEN COSTS OF FREE APPS: YOUR PERSONAL INFORMATION
Should you be worried?
The unprotected database contained highly sensitive user and device information, including Wi-Fi network names (SSIDs) and passwords stored in plain text, which could allow unauthorized users to access home networks. Although the researcher did not indicate that any personally identifiable information (PII) was exposed, the presence of network credentials, IP addresses, device ID numbers, and data about smartphones running the IoT software raises serious security concerns.
The exposed credentials could theoretically enable an attacker to connect to the network, compromise other devices, intercept data, or even launch targeted cyberattacks. This risk is particularly troubling, given the broader vulnerabilities within the IoT industry.
According to a threat report by Palo Alto Networks, 57% of IoT devices across all industries are considered highly vulnerable, and an alarming 98% of data transmitted by these devices is unencrypted. The report further found that 83% of connected devices operate on outdated or unsupported operating systems, leaving them susceptible to attacks that exploit known vulnerabilities.
This incident underscores a recurring problem in the IoT sector: poor security practices, weak data protection, and the absence of encryption. Without proactive security measures, such breaches will likely continue, exposing users to risks that extend beyond just their IoT devices—potentially compromising entire home or business networks.
FROM TIKTOK TO TROUBLE: HOW YOUR ONLINE DATA CAN BE WEAPONIZED AGAINST YOU
6 ways you can protect yourself
If you own a Mars Hydro device or use the Mars Pro app, take the following steps to protect your data and secure your network:
1) Change your Wi-Fi password: Since Wi-Fi network names and passwords were stored in plain text, the first step is to update your router password immediately. Even if you believe your credentials were not directly exposed, it’s best to assume otherwise. A strong password should be complex, combining upper and lowercase letters, numbers, and special characters. Avoid using simple or easily guessable passwords, such as your name, address, or basic numerical sequences.
2) Enable two-factor authentication (2FA): If your router supports two-factor authentication, enabling it adds an extra layer of security. This ensures that even if someone gains access to your login credentials, they would still need a secondary authentication code—typically sent via text message or an authentication app—to log in. This significantly reduces the risk of unauthorized access.
3) Monitor your network for unusual activity: With Wi-Fi credentials and IP addresses exposed, attackers could attempt to access your network remotely. Checking your router’s admin panel regularly to review connected devices is an important security measure. If you notice an unfamiliar device, remove it immediately and change your Wi-Fi password again.
4) Keep your devices updated: IoT devices are notorious for running outdated or unsupported software, making them vulnerable to cyberattacks. Regularly updating the firmware and software of your smart devices ensures that you receive the latest security patches. Check your device settings for available updates and install them as soon as they are released. Keeping your router’s firmware updated is equally important, as routers are a primary target for hackers.
5) Beware of phishing attempts and use strong antivirus software: Hackers may try to exploit the data from this breach by launching phishing attacks. If you receive an email claiming to be from Mars Hydro or LG-LED SOLUTIONS, urging you to reset your password or provide personal details, be cautious. Cybercriminals often create fake login pages designed to steal credentials. Do not click on suspicious links or download attachments from unknown senders.
The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
My top pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.
6) Remove your exposed data from data brokers: With 2.7 billion records exposed, your personal and network information may already be circulating among data brokers—companies that collect and sell user data, often without consent. Hackers and scammers use these databases to launch phishing attacks, identity theft scams, and targeted cyber intrusions. Our #1 pick, Incogni automates the process of removing your information from these databases, significantly reducing your risk of being targeted in future attacks. Instead of manually requesting data removal from dozens (or even hundreds) of brokers, Incogni handles it for you, ensuring your details stay out of reach of bad actors.
MASSIVE SECURITY FLAW PUTS MOST POPULAR BROWSERS AT RISK ON MAC
Kurt’s key takeaway
The Mars Hydro breach is yet another reminder of the security risks that come with IoT devices. Companies need to do a better job of protecting user data, but at the end of the day, it is up to you to secure your own network. Updating passwords, enabling two-factor authentication, and keeping an eye on your connected devices can make a big difference in keeping your data safe and your smart home secure.
Do you think governments should regulate IoT security more strictly, or should it be left to the companies? Let us know in the comments below.
FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2025 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.
1 comment
If you ask me – since the company is Chinese owned you may want the Chinese government to access the data and claim that they were hacked to sound innocent.