Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Data violations continue to occur, and too often they are reduced to companies that do not seriously take cyber security. Some of the largest infractions have been caused by negligence, and now there is another important one to add to the list. Mars Hydro, a Chinese company that makes Internet devices (IoT) such as LED lights and hydroponics equipment, left a massive database without online protection. As a result, 2.7 billion records were exposed to anyone who knew where to look.
IoT devices illustration (Kurt “Cyberguy” Knutsson)
What happened?
Mars Hydro, a Chinese manufacturer of IoT devices, suffered a massive data violation after a public and accessible access database was discovered online that contained almost 2.7 billion records. The 1.17-theerabyte database was not protected with password or encrypted, exposing a large amount of confidential information related to the company’s smart devices, including LED cultivation lights and hydroponic equipment.
The database contained registration, monitoring and error records for IoT devices sold worldwide. Among the exposed data were the Network Network Wi-Fi (SSID), Wi-Fi passwords, IP addresses, device identification numbers and other details related to user devices and the application of Mars Pro software IoT In addition, internal records referred to LG-LED Solutions Limited, a company registered in California, as well as Spider Farmer, which produces agricultural equipment.
Security researcher Jeremiah Fowler He identified the database and immediately sent a responsible dissemination notice to the solutions led by LG and Mars Hydro. In a matter of hours, public access to the database was restricted.
It is not clear how long the database was publicly accessible or if any unauthorized part agreed to the data before its restriction. The only way to confirm potential access or misuse would be through an internal forensic audit, but such research has not been publicly revealed.
Illustration of the use of an application to access intelligent starting devices (Kurt “Cyberguy” Knutsson)
The hidden costs of free applications: your personal information
Should you be worried?
The unprotected database contained highly confidential information of users and devices, including SSID and passwords stored in flat text, which could allow unauthorized users to access domestic networks. Although the researcher did not indicate that no personal identification information was exposed, the presence of network credentials, IP addresses, device identification numbers and smartphones that run the IoT software raises serious security concerns.
The credentials exposed in theory could allow an attacker to connect to the network, compromise other devices, intercept data or even launch directed cyber attacks. This risk is particularly worrying, given the broader vulnerabilities within the IoT industry.
According to a threat report by Palo Alto Networks, 57% of IoT devices in all industries are considered highly vulnerable, and an alarming 98% of the data transmitted by these devices is not intertwined. The report also found that 83% of connected devices operate in obsolete or non -backed operating systems, leaving them susceptible to attacks that exploit known vulnerabilities.
This incident underlines a recurring problem in the IoT sector: bad security practices, weak data protection and the absence of encryption. Without proactive security measures, such infractions will probably continue, exposing users to risks that extend beyond their IoT devices, which can compromise home or commercial networks.
Illustration of an IoT device (Kurt “Cyberguy” Knutsson)
From Tiktok to problems: how your online data can be armed against you
5 ways in which you can protect yourself
If you have a Mars Hydro device or use the Mars Pro application, take the following steps to protect your data and ensure your network:
1) Change your Wi-Fi password: Since the Wi-Fi network names and passwords were stored in flat text, the first step is to update the password of its router immediately. Even if you believe that your credentials were not directly exposed, it is better to assume otherwise. A safe password must be complex, combining higher and lowercase letters, numbers and special characters. Avoid using simple or easily divine passwords, such as your name, address or basic numerical sequences.
2) enable two factors authentication (2FA): If your router is compatible two factors authenticationenabling it adds an additional security layer. This ensures that even if someone gains access to their login credentials, a secondary authentication code would still need, usually sent through text messages or an authentication application, to log in. This significantly reduces the risk of unauthorized access.
3) Monitor your network for unusual activity: With the Wi-Fi credentials and the IP addresses exposed, the attackers could try to access their network remotely. Regularly verify the administration panel of its router to review the connected devices is an important safety measure. If you notice an unknown device, check it out immediately and change your Wi-Fi password again.
4) Keep your updated devices: IoT devices are known for running outdated or non -compatible software, which makes them vulnerable to cyber attacks. Regularly Firmware and Software update of its smart devices ensures that you receive the last security patches. See your device configuration to obtain available updates and install them as soon as they are launched. Maintaining the firmware of your updated router is equally important, since the routers are a main objective for computer pirates.
5) Take into account phishing attempts and use strong antivirus software: Computer pirates can try to exploit data from this rape by launching phishing attacks. If you receive an email that claims to be from Mars Hydro or LG solutions, urging you to restore your password or provide personal data, be careful. Cybercriminals often create false login pages designed to steal credentials. Do not click suspicious links or download attachments from unknown sending.
The best way to safeguard the malicious links is to have the antivirus software on all its devices installed. This protection can also alert it to the PHISHING Electronic Correos and Ransomware scams, maintaining their personal information and their safe digital assets. Get my elections for the best antivirus protection winners 2025 for your Windows, Mac, Android and iOS devices.
The mass security failure puts most popular browsers at risk in Mac
Kurt key takeway
The violation of Mars Hydro is another reminder of the security risks that come with IoT devices. Companies must do a better job to protect user data, but at the end of the day, it depends on you to ensure your own network. Update passwords, enable two factors authentication and monitor their connected devices can make a big difference to maintain their safe data and safe intelligent home.
Do you think that governments should regulate IoT safety strictly, or should companies be left? Get us knowing in Cyberguy.com/contact.
To obtain more technological tips and safety alerts, subscribe to my free Cyberguy Report newsletter when you head Cyberguy.com/newsletter.
Ask Kurt a question or let us know what stories we would like to cover.
Follow Kurt in his social channels:
Answers to the most informed Cyberguys questions:
New Kurt:
Copyright 2025 Cyberguy.com. All rights reserved.