IoT Data Breach Exposed 2.7 Billion Records Data Breach Prevention Tips
AVP SUITE
February 14,2025
6 mins
IoT Data Breach Exposed 2.7 Billion Records Data Breach Prevention Tips
A staggering 2.7 billion records containing sensitive user data—including Wi-Fi network names, passwords, IP addresses, and device identifiers—were exposed in a major IoT security breach. The leak has been linked to Mars Hydro, a China-based grow light manufacturer, and LG-LED SOLUTIONS LIMITED, a California-registered company. The unprotected database, totaling 1.17 terabytes, was discovered by cybersecurity researcher Jeremiah Fowler and reported to vpnMentor. What’s alarming is that this database was publicly accessible, with no password protection or encryption, putting millions of IoT users at risk.
| Table of Contents!
How the Breach Happened Security Response and Lingering Questions Why This Data Leak is a Huge Security Risk A Wake-Up Call for IoT Security How AVP Suite Prevents Data Breaches Conclusion |
How the Breach Happened
The exposed database contained the following:
- Wi-Fi SSIDs (network names) and passwords in plain text
- IP addresses, device IDs, MAC addresses, and operating system details (iOS/Android)
- API tokens, app versions, and error logs labeled “Mars-pro-iot-error” or “SF-iot-error.”
The breach seems tied to Mars Hydro’s Mars Pro app, which controls IoT grow lights and climate systems. Strangely, the app’s privacy policy states that it does not collect user data, contradicting the evidence found in the exposed logs.
Further investigation also linked the leaked records to LG-LED SOLUTIONS LIMITED, a company registered in California. Some records contained direct API details and links to LG-LED SOLUTIONS, Mars Hydro, and Spider Farmer—all agricultural grow lights, fans, and cooling systems manufacturers.
Many logs were labeled “Mars-pro-iot-error” or “SF-iot-error,” indicating that these error reports contained a goldmine of sensitive data, including API tokens, device types, IP addresses, and Wi-Fi credentials.
Security Response and Lingering Questions
Once Fowler discovered the breach, he promptly notified LG-LED SOLUTIONS and Mars Hydro. Within hours, access to the database was restricted. Mars Hydro confirmed that its “Mars Pro” app, available on both iOS and Android, is their official product.
However, there are still many unanswered questions, including:
- Was the database managed directly by LG-LED SOLUTIONS, or did a third-party contractor handle it?
- How long was the database left unprotected?
- Were unauthorized parties able to access the leaked data before it was secured?
So far, neither Mars Hydro nor LG-LED SOLUTIONS have commented on the breach’s origin or the involvement of third-party providers.
Related Read: How Does a Password Manager Ensure Your Digital Safety?
Why This Data Leak is a Huge Security Risk
The exposure of this sensitive data creates severe security risks, including:
- Network Infiltration: Hackers could use leaked Wi-Fi credentials to gain access to home and business networks, allowing them to intercept data, inject malware, or launch ransomware attacks.
- Botnet Recruitment: Compromised IoT devices could be hijacked for large-scale DDoS attacks, similar to past incidents linked to groups like the Matrix hacker collective.
- Physical Threats: Cybercriminals could remotely manipulate connected grow lights, fans, or cooling systems—potentially damaging crops or disrupting critical agricultural operations.
Fowler also warned of a “nearest neighbor attack”, a hacking method used by Russian GRU hackers in 2024 to infiltrate a Ukraine-focused organization through nearby Wi-Fi networks. This method could be used against victims of this data breach, allowing cybercriminals to target networks simply by being in physical proximity.
According to a Palo Alto Networks report, 98% of IoT device data is unencrypted, and 57% of connected devices have critical vulnerabilities—further underscoring the dangers of unsecured smart devices.
Read More: Mac Malware Mayhem: How 100 Million Apple Users Can Protect Data
A Wake-Up Call for IoT Security
This massive data leak highlights significant flaws in IoT security, including:
- Weak Encryption: Many IoT devices still rely on outdated protocols like WPA2, susceptible to brute-force attacks.
- Default Passwords: Many users fail to change factory settings, leaving their devices open to cyberattacks.
- Centralized Cloud Risks: Storing vast amounts of sensitive data in unsecured cloud servers creates a single point of failure.
Notably, security researchers speculate that this latest breach may be connected to a 2019 data leak from Orvibo, a Chinese smart-device company that exposed similar types of IoT data.
Cybersecurity experts strongly urge IoT manufacturers and users to take the following steps:
- Encrypt sensitive logs and avoid storing credentials in plain text
- Use network segmentation to isolate IoT devices from critical systems
- Conduct regular security audits and penetration testing to detect vulnerabilities
While Fowler emphasized that his findings aim to “raise awareness,” and there is no direct evidence of malicious use yet, this breach is a stark reminder: IoT security must be taken seriously before it’s too late.
| Your Data Deserves the Best Protection!
AVP Suite detects & prevents breaches before it’s too late Try AVP Suite for Free! |
How AVP Suite Prevents Data Breaches
AVP Suite is designed to provide robust data breach protection and ensure your sensitive information remains secure. Here’s how it keeps your data safe:
- Comprehensive Cybersecurity: AVP Total Security continuously monitors for cybersecurity breaches and detects any unusual activity before it escalates.
- Advanced Malware & Virus Protection: With AVP Antivirus Software, your devices are shielded from malicious software that could lead to data leaks.
- Identity Theft Protection: Protect your personal information with integrated tools that secure your digital identity against potential theft.
- Secure Password Management: Utilize the AVP Password Manager for AVP password protection. Generate and store complex passwords to prevent unauthorized access.
- Real-Time Updates & Scans: Regular security scans and automatic updates ensure you always have the latest data protection solutions.
Take charge of your digital security today—keep your data safe from breaches and threats with AVP Suite!
Conclusion
Despite rising data breaches—as seen in the IoT incident exposing 2.7 billion records—AVP Suite stands ready to safeguard your digital world. With robust data breach protection through AVP Total Security and AVP antivirus software, your data remains secure against relentless cyber threats.
Protect your information now—download AVP Total Security today!
A staggering 2.7 billion records containing sensitive user data—including Wi-Fi network names, passwords, IP addresses, and device identifiers—were exposed in a major IoT security breach. The leak has been linked to Mars Hydro, a China-based grow light manufacturer, and LG-LED SOLUTIONS LIMITED, a California-registered company.
The unprotected database, totaling 1.17 terabytes, was discovered by cybersecurity researcher Jeremiah Fowler and reported to vpnMentor. What’s alarming is that this database was publicly accessible, with no password protection or encryption, putting millions of IoT users at risk.
How the Breach Happened
The exposed database contained the following:
- Wi-Fi SSIDs (network names) and passwords in plain text
- IP addresses, device IDs, MAC addresses, and operating system details (iOS/Android)
- API tokens, app versions, and error logs labeled “Mars-pro-iot-error” or “SF-iot-error.”
The breach seems tied to Mars Hydro’s Mars Pro app, which controls IoT grow lights and climate systems. Strangely, the app’s privacy policy states that it does not collect user data, contradicting the evidence found in the exposed logs.
Further investigation also linked the leaked records to LG-LED SOLUTIONS LIMITED, a company registered in California. Some records contained direct API details and links to LG-LED SOLUTIONS, Mars Hydro, and Spider Farmer—all agricultural grow lights, fans, and cooling systems manufacturers.
Many logs were labeled “Mars-pro-iot-error” or “SF-iot-error,” indicating that these error reports contained a goldmine of sensitive data, including API tokens, device types, IP addresses, and Wi-Fi credentials.
Security Response and Lingering Questions
Once Fowler discovered the breach, he promptly notified LG-LED SOLUTIONS and Mars Hydro. Within hours, access to the database was restricted. Mars Hydro confirmed that its “Mars Pro” app, available on both iOS and Android, is their official product.
However, there are still many unanswered questions, including:
- Was the database managed directly by LG-LED SOLUTIONS, or did a third-party contractor handle it?
- How long was the database left unprotected?
- Were unauthorized parties able to access the leaked data before it was secured?
So far, neither Mars Hydro nor LG-LED SOLUTIONS have commented on the breach’s origin or the involvement of third-party providers.
Related Read: How Does a Password Manager Ensure Your Digital Safety?
Why This Data Leak is a Huge Security Risk
The exposure of this sensitive data creates severe security risks, including:
- Network Infiltration: Hackers could use leaked Wi-Fi credentials to gain access to home and business networks, allowing them to intercept data, inject malware, or launch ransomware attacks.
- Botnet Recruitment: Compromised IoT devices could be hijacked for large-scale DDoS attacks, similar to past incidents linked to groups like the Matrix hacker collective.
- Physical Threats: Cybercriminals could remotely manipulate connected grow lights, fans, or cooling systems—potentially damaging crops or disrupting critical agricultural operations.
Fowler also warned of a “nearest neighbor attack”, a hacking method used by Russian GRU hackers in 2024 to infiltrate a Ukraine-focused organization through nearby Wi-Fi networks. This method could be used against victims of this data breach, allowing cybercriminals to target networks simply by being in physical proximity.
According to a Palo Alto Networks report, 98% of IoT device data is unencrypted, and 57% of connected devices have critical vulnerabilities—further underscoring the dangers of unsecured smart devices.
Read More: Mac Malware Mayhem: How 100 Million Apple Users Can Protect Data
A Wake-Up Call for IoT Security
This massive data leak highlights significant flaws in IoT security, including:
- Weak Encryption: Many IoT devices still rely on outdated protocols like WPA2, susceptible to brute-force attacks.
- Default Passwords: Many users fail to change factory settings, leaving their devices open to cyberattacks.
- Centralized Cloud Risks: Storing vast amounts of sensitive data in unsecured cloud servers creates a single point of failure.
Notably, security researchers speculate that this latest breach may be connected to a 2019 data leak from Orvibo, a Chinese smart-device company that exposed similar types of IoT data.
Cybersecurity experts strongly urge IoT manufacturers and users to take the following steps:
- Encrypt sensitive logs and avoid storing credentials in plain text
- Use network segmentation to isolate IoT devices from critical systems
- Conduct regular security audits and penetration testing to detect vulnerabilities
While Fowler emphasized that his findings aim to “raise awareness,” and there is no direct evidence of malicious use yet, this breach is a stark reminder: IoT security must be taken seriously before it’s too late.
Your Data Deserves the Best Protection!
AVP Suite detects & prevents breaches before it’s too late
Try AVP Suite for Free!
How AVP Suite Prevents Data Breaches
AVP Suite is designed to provide robust data breach protection and ensure your sensitive information remains secure. Here’s how it keeps your data safe:
- Comprehensive Cybersecurity: AVP Total Security continuously monitors for cybersecurity breaches and detects any unusual activity before it escalates.
- Advanced Malware & Virus Protection: With AVP Antivirus Software, your devices are shielded from malicious software that could lead to data leaks.
- Identity Theft Protection: Protect your personal information with integrated tools that secure your digital identity against potential theft.
- Secure Password Management: Utilize the AVP Password Manager for AVP password protection. Generate and store complex passwords to prevent unauthorized access.
- Real-Time Updates & Scans: Regular security scans and automatic updates ensure you always have the latest data protection solutions.
Take charge of your digital security today—keep your data safe from breaches and threats with AVP Suite!
Conclusion
Despite rising data breaches—as seen in the IoT incident exposing 2.7 billion records—AVP Suite stands ready to safeguard your digital world. With robust data breach protection through AVP Total Security and AVP antivirus software, your data remains secure against relentless cyber threats.
Protect your information now—download AVP Total Security today!
AVP Suite blocks data breaches & keeps hackers away
Start Your Free Trial!
