Date: 2025-02-19

Data breaches keep happening, and too often they come down to companies failing to take cybersecurity seriously. Some of the biggest breaches have been caused by negligence, and now there’s another major one to add to the list. Mars Hydro, a Chinese company that makes Internet of Things (IoT) devices like LED lights and hydroponics equipment, left a massive database unprotected online. As a result, 2.7 billion records were exposed to anyone who knew where to look.

What happened?

Mars Hydro, a Chinese manufacturer of IoT devices, suffered a massive data breach after a publicly accessible, unprotected database containing nearly 2.7 billion records was discovered online. The 1.17-terabyte database was not password-protected or encrypted, exposing a massive amount of sensitive information related to the company’s smart devices, including LED grow lights and hydroponic equipment.

The database contained logging, monitoring and error records for IoT devices sold worldwide. Among the exposed data were Wi-Fi network names (SSIDs), Wi-Fi passwords, IP addresses, device ID numbers and other details linked to user devices and the Mars Pro IoT software application. Plus, internal records referenced LG-LED SOLUTIONS LIMITED, a California-registered company, as well as Spider Farmer, which produces agricultural equipment.

Security researcher Jeremiah Fowler identified the database and immediately sent a responsible disclosure notice to LG-LED SOLUTIONS and Mars Hydro. Within hours, public access to the database was restricted.

It remains unclear how long the database was publicly accessible or whether any unauthorized parties accessed the data before its restriction. The only way to confirm potential access or misuse would be through an internal forensic audit, but no such investigation has been publicly disclosed.

Should you be worried?

The unprotected database contained highly sensitive user and device information, including SSIDs and passwords stored in plain text, which could allow unauthorized users to access home networks. Although the researcher did not indicate that any personally identifiable information was exposed, the presence of network credentials, IP addresses, device ID numbers and data about smartphones running the IoT software raises serious security concerns.

The exposed credentials could theoretically enable an attacker to connect to the network, compromise other devices, intercept data or even launch targeted cyberattacks. This risk is particularly troubling, given the broader vulnerabilities within the IoT industry.

According to a threat report by Palo Alto Networks, 57% of IoT devices across all industries are considered highly vulnerable, and an alarming 98% of data transmitted by these devices is unencrypted. The report further found that 83% of connected devices operate on outdated or unsupported operating systems, leaving them susceptible to attacks that exploit known vulnerabilities.

This incident underscores a recurring problem in the IoT sector: poor security practices, weak data protection and the absence of encryption. Without proactive security measures, such breaches will likely continue, exposing users to risks that extend beyond just their IoT devices, potentially compromising entire home or business networks.
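
The exposed records were device logs that held Wi-Fi passwords in plain text. One vendor-side mitigation is to mask credential fields before a log record is ever written. The following is an added example, not code from Mars Hydro or from the original article; the field names and the event shape are assumptions.

```python
import io
import json
import logging

# Assumed names of credential fields; a real schema would define its own list.
SENSITIVE_KEYS = {"password", "wifi_password", "psk", "passphrase"}

# Constructed sample telemetry event; not data from the breach.
SAMPLE_EVENT = {
    "device_id": "dev-0001",
    "event": "wifi_connect_failed",
    "wifi": {"ssid": "HomeNet", "password": "hunter2-constructed"},
    "retries": [{"attempt": 1, "psk": "hunter2-constructed"}],
}

def redact(value):
    """Recursively mask values stored under credential keys."""
    if isinstance(value, dict):
        return {
            k: "[REDACTED]" if k.lower() in SENSITIVE_KEYS else redact(v)
            for k, v in value.items()
        }
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value

class RedactingFilter(logging.Filter):
    """Rewrite structured log messages so secrets never reach the handler output."""
    def filter(self, record):
        if isinstance(record.msg, dict):
            record.msg = json.dumps(redact(record.msg), sort_keys=True)
        return True  # keep the record, minus the secrets

def log_device_event(event):
    """Log one event through the filter and return the line that would be stored."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.addFilter(RedactingFilter())
    logger = logging.getLogger("device-telemetry-example")
    logger.handlers = [handler]
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.info(event)
    return stream.getvalue().strip()

if __name__ == "__main__":
    print(log_device_event(SAMPLE_EVENT))
```

Redaction at the logging layer limits what an exposed log store can leak; it does not replace access control and encryption on the database itself.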

5 ways you can protect yourself

If you own a Mars Hydro device or use the Mars Pro app, take the following steps to protect your data and secure your network:

1) Change your Wi-Fi password: Since Wi-Fi network names and passwords were stored in plain text, the first step is to update your router password immediately. Even if you believe your credentials were not directly exposed, it’s best to assume otherwise. A strong password should be complex, combining upper and lowercase letters, numbers and special characters. Avoid using simple or easily guessable passwords, such as your name, address or basic numerical sequences.

2) Enable two-factor authentication (2FA): If your router supports two-factor authentication, enabling it adds an extra layer of security. This ensures that even if someone gains access to your login credentials, they would still need a secondary authentication code – typically sent via text message or an authentication app – to log in. This significantly reduces the risk of unauthorized access.

3) Monitor your network for unusual activity: With Wi-Fi credentials and IP addresses exposed, attackers could attempt to access your network remotely. Checking your router’s admin panel regularly to review connected devices is an important security measure. If you notice an unfamiliar device, remove it immediately and change your Wi-Fi password again.

4) Keep your devices updated: IoT devices are notorious for running outdated or unsupported software, making them vulnerable to cyberattacks. Regularly updating the firmware and software of your smart devices ensures that you receive the latest security patches. Check your device settings for available updates and install them as soon as they are released. Keeping your router’s firmware updated is equally important, as routers are a primary target for hackers.

5) Beware of phishing attempts and use strong antivirus software: Hackers may try to exploit the data from this breach by launching phishing attacks. If you receive an email claiming to be from Mars Hydro or LG-LED SOLUTIONS, urging you to reset your password or provide personal details, be cautious. Cybercriminals often create fake login pages designed to steal credentials. Do not click on suspicious links or download attachments from unknown senders.

The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
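
For step 3, the same review can be done from a Linux machine on the network by comparing the neighbor table against a list of devices you own. This is an added example, not part of the original article; the sample `ip neigh show` output and the device inventory are constructed.

```python
import string

# Constructed sample of Linux `ip neigh show` output; not data from the breach.
SAMPLE_NEIGH = """\
192.168.1.1 dev wlan0 lladdr 3c:84:6a:10:20:30 REACHABLE
192.168.1.23 dev wlan0 lladdr A4:83:E7:AA:BB:CC STALE
192.168.1.40 dev wlan0 lladdr 7e:11:22:33:44:55 DELAY
192.168.1.77 dev wlan0  FAILED
192.168.1.91 dev wlan0 lladdr 00:1d:c9:de:ad:01 router REACHABLE
"""

# Hypothetical inventory of devices you own, keyed by MAC in any common notation.
KNOWN_DEVICES = {
    "3C-84-6A-10-20-30": "router",
    "a4:83:e7:aa:bb:cc": "laptop",
}

def normalize_mac(mac):
    """Return a MAC as lowercase colon-separated hex, whatever separators it used."""
    digits = "".join(c for c in mac if c in string.hexdigits).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_randomized(mac):
    """True if the locally administered bit is set (typical of private Wi-Fi addresses)."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)

def find_unknown_devices(neigh_output, known):
    """List neighbors whose MAC is not in the inventory."""
    known_macs = {normalize_mac(m) for m in known}
    unknown = []
    for line in neigh_output.splitlines():
        tokens = line.split()
        if "lladdr" not in tokens:
            continue  # FAILED/INCOMPLETE entries carry no MAC to compare
        mac = normalize_mac(tokens[tokens.index("lladdr") + 1])
        if mac not in known_macs:
            unknown.append({"ip": tokens[0], "mac": mac, "state": tokens[-1],
                            "randomized": is_randomized(mac)})
    return unknown

if __name__ == "__main__":
    for dev in find_unknown_devices(SAMPLE_NEIGH, KNOWN_DEVICES):
        print(dev)
```

An entry flagged as randomized is often one of your own phones or laptops using a private Wi-Fi address, so check those against your devices before treating them as intruders.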

Kurt’s key takeaway

The Mars Hydro breach is yet another reminder of the security risks that come with IoT devices. Companies need to do a better job of protecting user data, but at the end of the day, it is up to you to secure your own network. Updating passwords, enabling two-factor authentication and keeping an eye on your connected devices can make a big difference in keeping your data safe and your smart home secure.

