IoT Data Breach Exposed 2.7 Billion Records: Data Breach Prevention Tips
AVP SUITE
February 14,2025
6 mins
IoT Data Breach Exposed 2.7 Billion Records: Data Breach Prevention Tips
A staggering 2.7 billion records containing sensitive user data—including Wi-Fi network names, passwords, IP addresses, and device identifiers—were exposed in a major IoT security breach. The leak has been linked to Mars Hydro, a China-based grow light manufacturer, and LG-LED SOLUTIONS LIMITED, a California-registered company.
The unprotected database, totaling 1.17 terabytes, was discovered by cybersecurity researcher Jeremiah Fowler and reported to vpnMentor. What’s alarming is that this database was publicly accessible, with no password protection or encryption, putting millions of IoT users at risk.
| Table of Contents!
How the Breach Happened Security Response and Lingering Questions Why This Data Leak is a Huge Security Risk A Wake-Up Call for IoT Security How AVP Suite Prevents Data Breaches Conclusion |
How the Breach Happened
The exposed database contained the following:
- Wi-Fi SSIDs (network names) and passwords in plain text
- IP addresses, device IDs, MAC addresses, and operating system details (iOS/Android)
- API tokens, app versions, and error logs labeled “Mars-pro-iot-error” or “SF-iot-error.”
The breach seems tied to Mars Hydro’s Mars Pro app, which controls IoT grow lights and climate systems. Strangely, the app’s privacy policy states that it does not collect user data, contradicting the evidence found in the exposed logs.
Further investigation also linked the leaked records to LG-LED SOLUTIONS LIMITED, a company registered in California. Some records contained direct API details and links to LG-LED SOLUTIONS, Mars Hydro, and Spider Farmer—all agricultural grow lights, fans, and cooling systems manufacturers.
Many logs were labeled “Mars-pro-iot-error” or “SF-iot-error,” indicating that these error reports contained a goldmine of sensitive data, including API tokens, device types, IP addresses, and Wi-Fi credentials.
Security Response and Lingering Questions
Once Fowler discovered the breach, he promptly notified LG-LED SOLUTIONS and Mars Hydro. Within hours, access to the database was restricted. Mars Hydro confirmed that its “Mars Pro” app, available on both iOS and Android, is their official product.
However, there are still many unanswered questions, including:
- Was the database managed directly by LG-LED SOLUTIONS, or did a third-party contractor handle it?
- How long was the database left unprotected?
- Were unauthorized parties able to access the leaked data before it was secured?
So far, neither Mars Hydro nor LG-LED SOLUTIONS have commented on the breach’s origin or the involvement of third-party providers.
Related Read: How Does a Password Manager Ensure Your Digital Safety?
Why This Data Leak is a Huge Security Risk
The exposure of this sensitive data creates severe security risks, including:
- Network Infiltration: Hackers could use leaked Wi-Fi credentials to gain access to home and business networks, allowing them to intercept data, inject malware, or launch ransomware attacks.
- Botnet Recruitment: Compromised IoT devices could be hijacked for large-scale DDoS attacks, similar to past incidents linked to groups like the Matrix hacker collective.
- Physical Threats: Cybercriminals could remotely manipulate connected grow lights, fans, or cooling systems—potentially damaging crops or disrupting critical agricultural operations.
Fowler also warned of a “nearest neighbor attack”, a hacking method used by Russian GRU hackers in 2024 to infiltrate a Ukraine-focused organization through nearby Wi-Fi networks. This method could be used against victims of this data breach, allowing cybercriminals to target networks simply by being in physical proximity.
According to a Palo Alto Networks report, 98% of IoT device data is unencrypted, and 57% of connected devices have critical vulnerabilities—further underscoring the dangers of unsecured smart devices.
Read More: Mac Malware Mayhem: How 100 Million Apple Users Can Protect Data
A Wake-Up Call for IoT Security
This massive data leak highlights significant flaws in IoT security, including:
- Weak Encryption: Most IoT devices still work with an obsolete protocol, WPA2, which is susceptible to brute-force attacks.
- Default Passwords: Most users usually forget to change the default settings and expose the device to cyber incursions.
- Centralized Cloud Risks: A cloud server would be a single point of failure when a huge amount of sensitive information is held securely in an unsecured cloud server.
Security researchers report that this new breach might be linked to the Orvibo data leak from 2019, a smart-device-making company in China that had similar exposures to IoT data.
Cybersecurity experts strongly urge IoT manufacturers and users to take the following steps:
- Encrypt sensitive logs and avoid storing credentials in plain text
- Network segmentation of IoT devices from critical systems
- Regularly conduct security audits and penetration testing to detect vulnerabilities
However, Fowler has added that the findings are meant to “raise awareness,” and at this point, there is no direct indication of malicious use. However, this incident is evidence that IoT security needs serious attention before it is too late.
| Your Data Deserves the Best Protection!
AVP Suite detects & prevents breaches before it’s too late Try AVP Suite for Free! |
How AVP Suite Prevents Data Breaches
AVP Suite has a robust data breach tool that keeps sensitive information contained to the user. Here’s how AVP keeps your data secure:
- Comprehensive Cybersecurity: AVP Total Security monitors your computer against cyber breaches and notifies you of unusual activity before escalating.
- Advanced Malware & Virus Protection: AVP Antivirus Software protects your devices from malicious software that may access your files and leak data.
- Identity Theft Protection: Protect your digital identity effectively and keep emerging threats in check.
- Secure Password Management: Now, this is the most essential part. Do not, we repeat, don’t neglect the usage of a password manager. That said, you can use AVP password protection to generate and store complex passwords, eliminating the chances of unauthorized access.
- Real-Time Updates & Scans: Always prefer regular security scans and automatic updates to protect yourself from emerging threats.
Get in touch with your digital security today—AVP Suite keeps your data secure from breaches and threats!
Conclusion
Yet, with the increase in data breaches, such as the most recent IoT breach that revealed 2.7 billion records, AVP Suite is ready to secure your entire digital life. AVP Total Security and AVP antivirus software are robustly protecting you from another data breach.
Protect your information now—download AVP Total Security today!
A staggering 2.7 billion records containing sensitive user data—including Wi-Fi network names, passwords, IP addresses, and device identifiers—were exposed in a major IoT security breach. The leak has been linked to Mars Hydro, a China-based grow light manufacturer, and LG-LED SOLUTIONS LIMITED, a California-registered company.
The unprotected database, totaling 1.17 terabytes, was discovered by cybersecurity researcher Jeremiah Fowler and reported to vpnMentor. What’s alarming is that this database was publicly accessible, with no password protection or encryption, putting millions of IoT users at risk.
How the Breach Happened
The exposed database contained the following:
- Wi-Fi SSIDs (network names) and passwords in plain text
- IP addresses, device IDs, MAC addresses, and operating system details (iOS/Android)
- API tokens, app versions, and error logs labeled “Mars-pro-iot-error” or “SF-iot-error.”
The breach seems tied to Mars Hydro’s Mars Pro app, which controls IoT grow lights and climate systems. Strangely, the app’s privacy policy states that it does not collect user data, contradicting the evidence found in the exposed logs.
Further investigation also linked the leaked records to LG-LED SOLUTIONS LIMITED, a company registered in California. Some records contained direct API details and links to LG-LED SOLUTIONS, Mars Hydro, and Spider Farmer—all agricultural grow lights, fans, and cooling systems manufacturers.
Many logs were labeled “Mars-pro-iot-error” or “SF-iot-error,” indicating that these error reports contained a goldmine of sensitive data, including API tokens, device types, IP addresses, and Wi-Fi credentials.
Security Response and Lingering Questions
Once Fowler discovered the breach, he promptly notified LG-LED SOLUTIONS and Mars Hydro. Within hours, access to the database was restricted. Mars Hydro confirmed that its “Mars Pro” app, available on both iOS and Android, is their official product.
However, there are still many unanswered questions, including:
- Was the database managed directly by LG-LED SOLUTIONS, or did a third-party contractor handle it?
- How long was the database left unprotected?
- Were unauthorized parties able to access the leaked data before it was secured?
So far, neither Mars Hydro nor LG-LED SOLUTIONS have commented on the breach’s origin or the involvement of third-party providers.
Related Read: How Does a Password Manager Ensure Your Digital Safety?
Why This Data Leak is a Huge Security Risk
The exposure of this sensitive data creates severe security risks, including:
- Network Infiltration: Hackers could use leaked Wi-Fi credentials to gain access to home and business networks, allowing them to intercept data, inject malware, or launch ransomware attacks.
- Botnet Recruitment: Compromised IoT devices could be hijacked for large-scale DDoS attacks, similar to past incidents linked to groups like the Matrix hacker collective.
- Physical Threats: Cybercriminals could remotely manipulate connected grow lights, fans, or cooling systems—potentially damaging crops or disrupting critical agricultural operations.
Fowler also warned of a “nearest neighbor attack”, a hacking method used by Russian GRU hackers in 2024 to infiltrate a Ukraine-focused organization through nearby Wi-Fi networks. This method could be used against victims of this data breach, allowing cybercriminals to target networks simply by being in physical proximity.
According to a Palo Alto Networks report, 98% of IoT device data is unencrypted, and 57% of connected devices have critical vulnerabilities—further underscoring the dangers of unsecured smart devices.
Read More: Mac Malware Mayhem: How 100 Million Apple Users Can Protect Data
A Wake-Up Call for IoT Security
This massive data leak highlights significant flaws in IoT security, including:
- Weak Encryption: Most IoT devices still work with an obsolete protocol, WPA2, which is susceptible to brute-force attacks.
- Default Passwords: Most users usually forget to change the default settings and expose the device to cyber incursions.
- Centralized Cloud Risks: A cloud server would be a single point of failure when a huge amount of sensitive information is held securely in an unsecured cloud server.
Security researchers report that this new breach might be linked to the Orvibo data leak from 2019, a smart-device-making company in China that had similar exposures to IoT data.
Cybersecurity experts strongly urge IoT manufacturers and users to take the following steps:
- Encrypt sensitive logs and avoid storing credentials in plain text
- Network segmentation of IoT devices from critical systems
- Regularly conduct security audits and penetration testing to detect vulnerabilities
However, Fowler has added that the findings are meant to “raise awareness,” and at this point, there is no direct indication of malicious use. However, this incident is evidence that IoT security needs serious attention before it is too late.
Your Data Deserves the Best Protection!
AVP Suite detects & prevents breaches before it’s too late
Try AVP Suite for Free!
How AVP Suite Prevents Data Breaches
AVP Suite has a robust data breach tool that keeps sensitive information contained to the user. Here’s how AVP keeps your data secure:
- Comprehensive Cybersecurity: AVP Total Security monitors your computer against cyber breaches and notifies you of unusual activity before escalating.
- Advanced Malware & Virus Protection: AVP Antivirus Software protects your devices from malicious software that may access your files and leak data.
- Identity Theft Protection: Protect your digital identity effectively and keep emerging threats in check.
- Secure Password Management: Now, this is the most essential part. Do not, we repeat, don’t neglect the usage of a password manager. That said, you can use AVP password protection to generate and store complex passwords, eliminating the chances of unauthorized access.
- Real-Time Updates & Scans: Always prefer regular security scans and automatic updates to protect yourself from emerging threats.
Get in touch with your digital security today—AVP Suite keeps your data secure from breaches and threats!
Conclusion
Yet, with the increase in data breaches, such as the most recent IoT breach that revealed 2.7 billion records, AVP Suite is ready to secure your entire digital life. AVP Total Security and AVP antivirus software are robustly protecting you from another data breach.
Protect your information now—download AVP Total Security today!
AVP Suite blocks data breaches & keeps hackers away
Start Your Free Trial!
