Database of Chinese company that makes IoT devices was left unprotected
Data breaches keep happening, and too often they come down to companies failing to take cybersecurity seriously. Some of the biggest breaches have been caused by negligence, and now there’s another major one to add to the list. Mars Hydro, a Chinese company that makes Internet of Things (IoT) devices like LED lights and hydroponics equipment, left a massive database unprotected online. As a result, 2.7 billion records were exposed to anyone who knew where to look.
Illustration of IoT devices (Kurt "CyberGuy" Knutsson)
What happened?
Mars Hydro, a Chinese manufacturer of IoT devices, suffered a massive data breach after a publicly accessible, unprotected database containing nearly 2.7 billion records was discovered online. The 1.17-terabyte database was not password-protected or encrypted, exposing a massive amount of sensitive information related to the company’s smart devices, including LED grow lights and hydroponic equipment.
The database contained logging, monitoring and error records for IoT devices sold worldwide. Among the exposed data were Wi-Fi network names (SSIDs), Wi-Fi passwords, IP addresses, device ID numbers and other details linked to user devices and the Mars Pro IoT software application. Plus, internal records referenced LG-LED SOLUTIONS LIMITED, a California-registered company, as well as Spider Farmer, which produces agricultural equipment.
Security researcher Jeremiah Fowler identified the database and immediately sent a responsible disclosure notice to LG-LED SOLUTIONS and Mars Hydro. Within hours, public access to the database was restricted.
It remains unclear how long the database was publicly accessible or whether any unauthorized parties accessed the data before its restriction. The only way to confirm potential access or misuse would be through an internal forensic audit, but no such investigation has been publicly disclosed.
Illustration of using an app to access smart home devices (Kurt "CyberGuy" Knutsson)
Should you be worried?
The unprotected database contained highly sensitive user and device information, including SSIDs and passwords stored in plain text, which could allow unauthorized users to access home networks. Although the researcher did not indicate that any personally identifiable information was exposed, the presence of network credentials, IP addresses, device ID numbers and data about smartphones running the IoT software raises serious security concerns.
The exposed credentials could theoretically enable an attacker to connect to the network, compromise other devices, intercept data or even launch targeted cyberattacks. This risk is particularly troubling, given the broader vulnerabilities within the IoT industry.
According to a threat report by Palo Alto Networks, 57% of IoT devices across all industries are considered highly vulnerable, and an alarming 98% of data transmitted by these devices is unencrypted. The report further found that 83% of connected devices operate on outdated or unsupported operating systems, leaving them susceptible to attacks that exploit known vulnerabilities.
This incident underscores a recurring problem in the IoT sector: poor security practices, weak data protection and the absence of encryption. Without proactive security measures, such breaches will likely continue, exposing users to risks that extend beyond just their IoT devices, potentially compromising entire home or business networks.
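The exposed records were logging, monitoring and error data that carried Wi-Fi passwords in plain text. As an added illustration (not Mars Hydro's code; the field names and log message layout are assumptions), a Python logging filter that masks credential values before any handler or log database receives the record:

```python
import logging
import re

# Substrings that mark a credential field (assumed names, not from the article).
SENSITIVE_KEYS = ("password", "passwd", "pwd", "psk")
MASK = "[REDACTED]"
# Matches key=value, key: value and "key": "value" inside free-text messages.
_PAIR = re.compile(
    r"""(?i)(["']?(?:%s)["']?\s*[:=]\s*)("[^"]*"|'[^']*'|[^\s,;&}]+)"""
    % "|".join(SENSITIVE_KEYS)
)


def scrub(value):
    """Return a copy of value with credential values masked."""
    if isinstance(value, dict):
        return {
            k: MASK if any(s in str(k).lower() for s in SENSITIVE_KEYS) else scrub(v)
            for k, v in value.items()
        }
    if isinstance(value, (list, tuple)):
        return type(value)(scrub(v) for v in value)
    if isinstance(value, str):
        return _PAIR.sub(lambda m: m.group(1) + MASK, value)
    return value


class CredentialFilter(logging.Filter):
    """Attach to a logger so records are scrubbed before they are emitted."""

    def filter(self, record):
        if isinstance(record.msg, dict):
            record.msg = scrub(record.msg)
        else:
            # Format first, then scrub, so %s arguments are covered too.
            record.msg = scrub(record.getMessage())
            record.args = None
        return True


# Constructed sample log lines in the style of a device telemetry feed.
SAMPLE = [
    "provision ok ssid=HomeNet wifi_password=hunter2 rssi=-60",
    '{"device_id": "D-001", "ssid": "HomeNet", "psk": "hunter2"}',
]


def demo():
    return [scrub(line) for line in SAMPLE]
```

Masking at the logger keeps the secret out of every downstream sink; it does not replace access control and encryption on the log store itself.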
Illustration of an IoT device (Kurt "CyberGuy" Knutsson)
5 ways you can protect yourself
If you own a Mars Hydro device or use the Mars Pro app, take the following steps to protect your data and secure your network:
1) Change your Wi-Fi password: Since Wi-Fi network names and passwords were stored in plain text, the first step is to update your router password immediately. Even if you believe your credentials were not directly exposed, it’s best to assume otherwise. A strong password should be complex, combining upper and lowercase letters, numbers and special characters. Avoid using simple or easily guessable passwords, such as your name, address or basic numerical sequences.
2) Enable two-factor authentication (2FA): If your router supports two-factor authentication, enabling it adds an extra layer of security. This ensures that even if someone gains access to your login credentials, they would still need a secondary authentication code – typically sent via text message or an authentication app – to log in. This significantly reduces the risk of unauthorized access.
3) Monitor your network for unusual activity: With Wi-Fi credentials and IP addresses exposed, attackers could attempt to access your network remotely. Checking your router’s admin panel regularly to review connected devices is an important security measure. If you notice an unfamiliar device, remove it immediately and change your Wi-Fi password again.
4) Keep your devices updated: IoT devices are notorious for running outdated or unsupported software, making them vulnerable to cyberattacks. Regularly updating the firmware and software of your smart devices ensures that you receive the latest security patches. Check your device settings for available updates and install them as soon as they are released. Keeping your router’s firmware updated is equally important, as routers are a primary target for hackers.
5) Beware of phishing attempts and use strong antivirus software: Hackers may try to exploit the data from this breach by launching phishing attacks. If you receive an email claiming to be from Mars Hydro or LG-LED SOLUTIONS, urging you to reset your password or provide personal details, be cautious. Cybercriminals often create fake login pages designed to steal credentials. Do not click on suspicious links or download attachments from unknown senders.
The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
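For step 3, reviewing connected devices can be scripted when the router exposes its DHCP lease list. The following is an added example, not from the original article; it assumes a dnsmasq-style lease file (`<expiry> <mac> <ip> <hostname> <client-id>`), and the sample leases and known-device list are constructed. It also marks randomised "private" MAC addresses, which phones use and which otherwise look like strangers.

```python
import re

# Constructed sample in dnsmasq lease-file layout.
SAMPLE_LEASES = """\
1739900000 3c:5a:b4:11:22:33 192.168.1.20 growlight-01 *
1739900100 a4:83:e7:aa:bb:cc 192.168.1.21 laptop 01:a4:83:e7:aa:bb:cc
1739900200 da:a1:19:00:11:22 192.168.1.37 * *
1739900300 00:11:22:33:44:55 192.168.1.40 unknown-cam *
"""

# Devices the owner recognises, as copied from labels (constructed values).
KNOWN = {"3C-5A-B4-11-22-33": "grow light", "A483.E7AA.BBCC": "laptop"}


def norm_mac(mac):
    """Normalise AA-BB-.., aa:bb:.. and aabb.ccdd.eeff to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_randomised(mac):
    """True when the locally administered bit of the first octet is set."""
    return bool(int(norm_mac(mac)[:2], 16) & 0x02)


def unfamiliar(leases_text, known):
    """Return (mac, ip, hostname, note) for every lease not in the known list."""
    known_macs = {norm_mac(m) for m in known}
    findings = []
    for line in leases_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # blank line or a non-lease entry such as "duid ..."
        mac, ip, host = norm_mac(parts[1]), parts[2], parts[3]
        if mac in known_macs:
            continue
        note = ("randomised MAC, may be a known phone"
                if is_randomised(mac) else "fixed MAC, investigate")
        findings.append((mac, ip, host, note))
    return findings


if __name__ == "__main__":
    for row in unfamiliar(SAMPLE_LEASES, KNOWN):
        print(*row, sep="  ")
```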
Kurt’s key takeaway
The Mars Hydro breach is yet another reminder of the security risks that come with IoT devices. Companies need to do a better job of protecting user data, but at the end of the day, it is up to you to secure your own network. Updating passwords, enabling two-factor authentication and keeping an eye on your connected devices can make a big difference in keeping your data safe and your smart home secure.
Do you think governments should regulate IoT security more strictly, or should it be left to the companies? Let us know by writing us at Cyberguy.com/Contact.
Copyright 2025 CyberGuy.com. All rights reserved.
Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.