61/68 Friday, February 14, 2025
A major data breach has been discovered in the database of Mars Hydro, a manufacturer of smart IoT grow lights, exposing over 1.17 terabytes of data and 2.7 billion records without any security protection. The leaked information includes Wi-Fi network names (SSIDs), passwords, IP addresses, device IDs, email addresses, and other sensitive details, potentially enabling cybercriminals to launch attacks. Cybersecurity researcher Jeremiah Fowler identified the vulnerability and promptly alerted Mars Hydro and LG-LED SOLUTIONS LIMITED, which is involved in the product distribution. As a result, the database was taken offline within hours.
The leaked data also revealed that the affected devices connect to users’ smartphones, which control the IoT system through the Mars Pro app. This could allow cyber threats such as Man-in-the-Middle attacks, data theft, and remote device control. Additionally, researchers found evidence of APIs and URLs linked to other IoT device manufacturers, including Spider Farmer and LG-LED SOLUTIONS, suggesting their involvement in storing this data. However, it remains unclear which company had direct control over the exposed database.
This incident serves as a stark reminder of the security risks associated with IoT devices that lack proper data protection. Reports indicate that 57% of IoT devices have severe vulnerabilities, and 98% of transmitted data is unencrypted. Security experts recommend that IoT manufacturers implement strong encryption, avoid storing plaintext data, and conduct regular security audits to prevent similar breaches in the future.
Source https://hackread.com/1tb-data-leak-expose-billions-iot-grow-light-records/
