Massive online data breach sees 2.7 billion records leaked - here's what we know


  • An IoT firm has suffered a major data breach, experts warn
  • The leak exposed a Mars Hydro database containing almost 2.7 billion records
  • The records consisted primarily of WiFi and network device information

Mars Hydro, a Chinese firm which produces a range of Internet of Things (IoT) devices such as LED lights and hydroponics equipment, has suffered a massive data breach after an unprotected database containing nearly 2.7 billion records was discovered online.

Security researcher Jeremiah Fowler identified the non-password protected database, which included WiFi network names, passwords, IP addresses, device numbers, and more.

Users of these products should be aware that there may be a risk of the details of their WiFi networks being compromised, and there could be national security implications if the information falls into the wrong hands. Although the researcher doesn’t suggest any personally identifiable information was exposed, users should still understand the risks. Here’s what we know.

Vulnerable devices

Many of the products are controlled by internet-connected devices (like smartphones), and information about these was included in the breach. It’s not yet clear whether the database is managed or owned directly by Mars Hydro and LG-LED SOLUTIONS, or whether it was run through a third-party contractor.

There are privacy and device security concerns and, as Fowler points out, a previous report estimated that ‘57% of IoT devices were considered highly vulnerable, and 98% of data transmitted by these devices is unencrypted.'

“The hypothetical worst case scenario would be if this information was used for surveillance, man-in-the-middle (MITM) attacks, mapping of networks and critical infrastructure, or other potential misuse” Fowler said.

Whilst there was no evidence of threat actors accessing the breached data, there is a concern that the information could be accessed by foreign governments and used for ‘surveillance or intelligence gathering’ purposes.

“I am not stating nor implying that these companies are engaged in any of these activities or that their users are at risk" Fowler continued.

"I am not claiming that just because an application was made in China or has Chinese ownership there is an imminent risk. I am only highlighting what data is collected and how it could be a potential security risk in the wrong hands.”

IoT devices have been targeted before, particularly by botnet attacks, which have risen 500% and are an escalating issue. Known software flaws or easy-to-break passwords on a network give attackers a way in. Once a device is compromised, it can be added to a botnet of compromised devices, which can be used to spread malware, launch DDoS attacks or infiltrate critical systems.

Data breach complications

In this dataset, the researcher describes seeing “a massive amount of exposed SSID names, passwords, MAC addresses, and user IP addresses that could potentially allow unauthorized remote access to the device's Wi-Fi network.”

This means the exposed credentials could theoretically allow an attacker to connect to the network and compromise other devices. Nokia recently reported IoT devices engaged in botnet-driven DDoS attacks have increased 500% over the past 18 months and now make up 40% of all DDoS traffic.
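The exposure described above is, at root, a failure to notice that a dataset full of network credentials was being stored and served without protection. The following added example (not code from the article or from Mars Hydro) shows the kind of data-classification pass a team can run over a database export before it is deployed or shared: it flags records that carry WiFi credentials, SSIDs, MAC addresses or IP addresses. The field names, record layout and sample records are constructed for illustration and are not taken from the leaked database.

```python
"""Classify records in a database export by the network-sensitive data they contain.

Added example: scans a list of flat JSON-style records (constructed below) and
labels each with the sensitive data types found, so an exposed-credential
dump like the one in the article is caught before it ships.
"""
import ipaddress
import re
from collections import Counter
from typing import Any

# Field names assumed for illustration; a real scanner would take these from
# the organisation's own data dictionary.
SECRET_KEYS = {"password", "passwd", "wifi_password", "psk", "wpa_key"}
SSID_KEYS = {"ssid", "wifi_name", "network_name"}

# Colon- or hyphen-separated 48-bit MAC address.
MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$")


def is_ipv4(value: Any) -> bool:
    """True if value is a dotted-quad IPv4 string (rejects 3-part versions like '2.4.1')."""
    try:
        ipaddress.IPv4Address(value)
        return True
    except (ipaddress.AddressValueError, TypeError, ValueError):
        return False


def classify_record(record: dict[str, Any]) -> set[str]:
    """Return the set of sensitive-data labels found in one record."""
    labels: set[str] = set()
    for key, value in record.items():
        k = key.lower()
        # Key-based detection: credentials and network names.
        if k in SECRET_KEYS and value:
            labels.add("wifi-credential")
        elif k in SSID_KEYS and value:
            labels.add("ssid")
        # Value-based detection: identifiers regardless of field name.
        if isinstance(value, str):
            if MAC_RE.match(value):
                labels.add("mac-address")
            elif is_ipv4(value):
                labels.add("ip-address")
    return labels


def classify_dump(records: list[dict[str, Any]]) -> tuple[dict[str, int], list[int]]:
    """Summarise a whole export: label counts plus indexes of credential-bearing records."""
    counts: Counter[str] = Counter()
    flagged: list[int] = []
    for index, record in enumerate(records):
        labels = classify_record(record)
        counts.update(labels)
        if "wifi-credential" in labels:
            flagged.append(index)
    return dict(counts), flagged


# Constructed sample export (documentation IP ranges, made-up MACs and names).
SAMPLE_DUMP = [
    {"device_id": "MH-000123", "ssid": "GrowRoom-2G", "password": "hydro2024",
     "mac": "A4:CF:12:3B:9E:01", "ip": "203.0.113.45"},
    {"device_id": "MH-000124", "ssid": "Greenhouse", "password": "",
     "mac": "a4-cf-12-3b-9e-02", "ip": "198.51.100.7"},
    {"device_id": "MH-000125", "temp_c": 24.5, "firmware": "2.4.1"},
]

if __name__ == "__main__":
    summary, credential_records = classify_dump(SAMPLE_DUMP)
    print("label counts:", summary)
    print("records carrying WiFi credentials:", credential_records)
```

Running the module prints a count per label and the indexes of records that hold a non-empty WiFi password; a pipeline gate can refuse to publish an export whenever that list is non-empty, or require the credential fields to be dropped or encrypted first.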

To mitigate the risks, admins should first change any default passwords immediately. The passwords the IoT tools come with are often shared across fleets of the same device - unchanged passwords might mean hackers already have access.

A strong, unique password is essential for any device, and we’ve put together a list of tips for creating a secure and safe password if you need any advice.

Another important consideration is strengthening your software. Patch management is crucial, integral to your vulnerability management program, and staying up to date gives you an extra layer of protection from zero-day exploitation.

Last but not least, be proactive. Complacency and weak backend safeguards are what hackers count on, so closely monitoring for suspicious behavior, segmenting networks, and consolidating endpoint management with a unified console can all help keep you protected.
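The three steps above (change default and fleet-shared passwords, keep firmware patched, segment IoT devices from the rest of the network) are easy to state and easy to let slip. The following added example (not code from the article or from any vendor) turns them into an inventory audit an admin can run regularly: it flags devices still on a known default password, devices sharing one password across the fleet, firmware older than a chosen baseline, and devices outside the dedicated IoT VLAN. The inventory, default-password list, baseline version and VLAN name are all constructed placeholders.

```python
"""Audit an IoT device inventory for the hygiene failures the article warns about.

Added example: checks each device for (1) a known default password,
(2) a password shared with other devices in the fleet, (3) firmware below a
baseline version and (4) placement outside the IoT network segment.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass
class Device:
    name: str       # inventory label (constructed)
    password: str   # current admin password as recorded in the inventory
    firmware: str   # dotted version string, e.g. "2.4.1"
    vlan: str       # network segment the device sits in


# Placeholders: a real run would load the vendor's documented defaults,
# the firmware version currently approved, and the site's IoT VLAN name.
KNOWN_DEFAULTS = {"admin", "12345678", "password"}
BASELINE_FIRMWARE = "2.4.1"
IOT_VLAN = "iot"


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '2.10.3' into (2, 10, 3) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in version.split("."))


def audit(devices: list[Device],
          known_defaults: set[str] = KNOWN_DEFAULTS,
          baseline: str = BASELINE_FIRMWARE,
          iot_vlan: str = IOT_VLAN) -> dict[str, list[str]]:
    """Return {device name: [issues]} for every device with at least one finding."""
    findings: dict[str, list[str]] = {}
    # Count password reuse across the whole fleet once, up front.
    password_counts = Counter(device.password for device in devices)
    for device in devices:
        issues: list[str] = []
        if device.password in known_defaults:
            issues.append("default-password")
        elif password_counts[device.password] > 1:
            issues.append("shared-password")
        if parse_version(device.firmware) < parse_version(baseline):
            issues.append("outdated-firmware")
        if device.vlan != iot_vlan:
            issues.append("not-segmented")
        if issues:
            findings[device.name] = issues
    return findings


# Constructed inventory covering each failure mode and one clean device.
SAMPLE_INVENTORY = [
    Device("grow-light-01", "admin", "2.4.1", "iot"),
    Device("grow-light-02", "Kq7!vR2#zL", "2.4.1", "iot"),
    Device("fan-ctrl-01", "hydro2024", "2.3.0", "office"),
    Device("fan-ctrl-02", "hydro2024", "2.4.1", "iot"),
]

if __name__ == "__main__":
    for name, issues in audit(SAMPLE_INVENTORY).items():
        print(f"{name}: {', '.join(issues)}")
```

Only devices with findings are reported, so a clean fleet produces no output and the audit can be scheduled and alerted on. Version strings are compared as integer tuples so that 2.10.0 correctly ranks above 2.4.1.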

We’ve put together a guide for admins, if you want to see some more detailed advice.


Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.
