Data breaches continue to happen, and in many cases they come down to businesses that don't take cybersecurity seriously. Some of the biggest violations have been caused by negligence, and now there is another major violation to add to the list. Mars Hydro is a Chinese company that manufactures Internet of Things (IoT) devices such as LED Lights and Hydroponics devices, leaving behind a large, unprotected database online. As a result, the 2.7 billion record was exposed to people who knew where to look.
IoT device illustration (Kurt “Cyberguy” Knutsson)
what happened?
Mars Hydro, the Chinese manufacturer of IoT devices, suffered a massive data breaches after a publicly available and unprotected database was discovered online, including around 2.7 billion records. 1.17-Terabyte database is not password protected or encrypted, and has released a huge amount of confidential information related to company smart devices, such as LED Grow Lights and Hydroponic devices.
The database contained logging, monitoring and error records for IoT devices sold worldwide. The published data included Wi-Fi Network Name (SSID), Wi-Fi Password, IP Address, Device ID Number, and other details linked to the user device and MARS Pro IoT Software Application. Additionally, internal records referenced LG-led Solutions Limited, a registered California company, and Spider Farmer, which produces agricultural equipment.
Security researcher Jeremiah Fowler We identified the database and sent out a responsible disclosure notice to LG-led solutions and Mars hydropower. Within hours, public access to the database was restricted.
It remains unclear how long the database has been published or whether an unauthorized party has accessed the data prior to the restrictions. The only way to confirm potential access or misuse is through an internal forensic audit, but no such investigation has been published.
Illustration of using an app to access a smart home device (Kurt “Cyberguy” Knutsson)
Hidden Costs of Free Apps: Your Personal Information
Should I worry?
The unsecured database contained highly sensitive user and device information, such as SSIDs and passwords stored in plain text. This allows unauthorized users to access their home network. Researchers did not show that any personally identifiable information was public, but the presence of network credentials, IP addresses, device ID numbers and data on smartphones running IoT software is severe. raises security concerns.
The exposed credentials can theoretically allow an attacker to connect to a network, compromise other devices, intercept data, or launch targeted cyber attacks. This risk is particularly troubling given the wider vulnerabilities within the IoT industry.
According to the Palo Alto Networks threat report, 57% of IoT devices in all industries are considered to be extremely vulnerable, with 98% of the data sent by these devices being unencrypted. The report further found that 83% of connected devices work on outdated or unsupported operating systems and are susceptible to attacks that harness known vulnerabilities.
This incident highlights repeated issues in the IoT sector. Poor security practices, weak data protection, and lack of encryption. Without aggressive security measures, such breaches could continue, putting users at risk of expanding beyond just IoT devices, potentially damaging your home or business network.
IoT device illustration (Kurt “Cyberguy” Knutsson)
From Tiktok to Trouble: How to weaponize your online data against you
5 ways to protect yourself
If you own a Mars Hydro device or use the Mars Pro app, follow these steps to protect your data and secure your network:
1) Change your Wi-Fi password. The Wi-Fi network name and password are stored in plain text, so the first step is to update your router password immediately. Even if you believe that your credentials are not directly exposed, it is best to assume that they are not. A strong password is complex and requires a combination of upper limits, lowercase letters, numbers, and special characters. Do not use simple or easily guessable passwords, such as names, addresses, or basic numeric sequences.
2) Enable 2-factor authentication (2FA): If the router supports it Two-factor authenticationenabling it adds an extra layer of security. This will require a secondary authentication code sent via text messages or an authentication app to log in, even if someone accesses your login credentials. This significantly reduces the risk of unauthorized access.
3) Monitor your network for unusual activity. Once Wi-Fi credentials and IP addresses are exposed, an attacker can try to access the network remotely. Checking your router's admin panel regularly to see which devices are connected is an important security measure. If you notice any unfamiliar devices, delete them immediately and change your Wi-Fi password again.
4) Keep your device up to date: IoT devices are well known for running outdated or unsupported software, making them vulnerable to cyberattacks. Regularly Firmware and software updates You are guaranteed to receive the latest security patches of smart devices. Check the device settings for available updates and install them as soon as they are released. Since routers are the main target of hackers, updating the router's firmware is equally important.
5) Beware of phishing attempts and use powerful antivirus software. Hackers may attempt to exploit data from this violation by launching phishing attacks. If you receive an email claiming it is from a Mars Hydro or an LG-driven solution, be careful if you are prompted to reset your password or provide your personal information. Cybercriminals often create fake login pages designed to steal credentials. Do not click on suspicious links or download attachments from unknown senders.
The best way to protect yourself from malicious links is to install antivirus software on all your devices. This protection can also warn you that it will phish email and ransomware scams and keep your personal information and digital assets safe. Get the best 2025 Antivirus Protection Winners picks for Windows, Mac, Android and iOS devices.
Massive security flaws put the most popular browsers at risk with MAC
Important points of cart
The Mars hydro violation is an additional reminder of the security risks associated with IoT devices. While businesses need to do a better job of securing user data, at the end of the day it's up to you to secure their own network. By enabling password updates, two-factor authentication and keeping your connected devices apart, you can make a big difference in keeping your data safe and keeping your smart home safe.
Do you think the government should regulate IoT security more strictly, or should it be left to the company? Write us and let us know cyberguy.com/contact.
For more information about my tech tips and security alerts, sign up for our free Cyberguy Report Newsletter cyberguy.com/newsletter.
Ask us a question in our cart or let us know what you want us to cover.
Follow your cart on his social channels:
Answers to the most accused Cyber Guy questions:
New from Cart:
Copyright 2025 cyberguy.com. Unauthorized reproduction is prohibited.
