Massive online data breach sees 2.7 billion records leaked - here's what we know

  • An IoT firm has suffered a major data breach, experts warn
  • The leak exposed a Mars Hydro database containing almost 2.7 billion records
  • The records were primarily comprised of WiFi and network device information

Mars Hydro, a Chinese firm which produces a range of Internet of Things (IoT) devices such as LED lights and hydroponics equipment, has suffered a massive data breach after an unprotected database containing nearly 2.7 billion records was discovered online.

Security researcher Jeremiah Fowler identified the non-password protected database, which included WiFi network names, passwords, IP addresses, device numbers, and more.

Users of these products should be aware that there may be a risk of the details of their WiFi networks being compromised, and there could be national security implications if the information falls into the wrong hands. Although the researcher doesn’t suggest any personally identifiable information was exposed, users should still understand the risks. Here’s what we know.

Vulnerable devices

Many of the products are controlled by internet connected devices (like smartphones), and information about these was included in the breach. It’s not yet clear whether the database is managed or owned directly by Mars Hydro and LG-LED SOLUTIONS, or whether this was run through a third party contractor.

There are privacy and device security concerns and, as Fowler points out, a previous report estimated that ‘57% of IoT devices were considered highly vulnerable, and 98% of data transmitted by these devices is unencrypted.’

“The hypothetical worst case scenario would be if this information was used for surveillance, man-in-the-middle (MITM) attacks, mapping of networks and critical infrastructure, or other potential misuse,” Fowler said.

Whilst there was no evidence of threat actors accessing the breached data, there is a concern that the information could be accessed by foreign governments and used for ‘surveillance or intelligence gathering’ purposes.

“I am not stating nor implying that these companies are engaged in any of these activities or that their users are at risk,” Fowler continued.

“I am not claiming that just because an application was made in China or has Chinese ownership there is an imminent risk. I am only highlighting what data is collected and how it could be a potential security risk in the wrong hands.”

IoT devices have been targeted before, particularly by botnet attacks, which have risen 500% and are an escalating issue. Attackers look for known software flaws or easy-to-break passwords within a network. Once a device is compromised, it can become part of a botnet of compromised devices, which can be used to spread malware, launch DDoS attacks or infiltrate critical systems.

Data breach complications

In this dataset, the researcher describes seeing “a massive amount of exposed SSID names, passwords, MAC addresses, and user IP addresses that could potentially allow unauthorized remote access to the device's Wi-Fi network.”

This means the exposed credentials could theoretically allow an attacker to connect to the network and compromise other devices. Nokia recently reported IoT devices engaged in botnet-driven DDoS attacks have increased 500% over the past 18 months and now make up 40% of all DDoS traffic.

To mitigate the risks, admins should first be sure to immediately change any default passwords. The passwords the IoT tools come with are often shared across fleets of the same device - unchanged passwords might mean hackers already have access.

A strong, unique password is essential for any device, and we’ve put together a list of tips for creating a secure and safe password if you need any advice.

Another important consideration is strengthening your software. Patch management is a crucial, integral part of your vulnerability management program, and staying up to date gives you an extra layer of protection from zero-day exploitation.

Last but not least, be proactive. Complacency and weak backend safeguards are what hackers count on, so closely monitoring for suspicious behavior, segmenting networks, and consolidating endpoint management with a unified console can all help keep you protected.

We’ve put together a guide for admins, if you want to see some more detailed advice.
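
As an added illustration of the three steps above (not code from the article, the researcher or any vendor), this Python audit checks a device inventory for default or fleet-shared passwords, firmware behind the latest release, and devices sitting outside a dedicated IoT segment. The inventory, model names, firmware versions, default-password list and the 10.20.0.0/24 subnet are all constructed assumptions.

```python
import hashlib, hmac, ipaddress, secrets
from collections import defaultdict

# Constructed inventory (e.g. exported from a password manager); every value is made up.
INVENTORY = [
    {"id": "light-01", "model": "light-a", "fw": "1.9.0", "ip": "10.20.0.11", "password": "admin1234"},
    {"id": "light-02", "model": "light-a", "fw": "1.10.0", "ip": "10.20.0.12", "password": "admin1234"},
    {"id": "pump-01", "model": "pump-b", "fw": "2.0.1", "ip": "192.168.1.40", "password": "k7#Vq9!tRzm2"},
    {"id": "fan-01", "model": "fan-c", "fw": "3.1.0", "ip": "10.20.0.14", "password": "Yw4&pL0x!eNd"},
]
LATEST_FW = {"light-a": "1.10.0", "pump-b": "2.0.1", "fan-c": "3.1.0"}  # assumed, from release notes
KNOWN_DEFAULTS = {"admin1234", "12345678"}           # assumed factory defaults from device manuals
IOT_SEGMENT = ipaddress.ip_network("10.20.0.0/24")   # assumed dedicated IoT VLAN

def _ver(v):
    # Compare versions numerically: as plain strings "1.9.0" would sort after "1.10.0".
    return tuple(int(part) for part in v.split("."))

def audit(inventory, key=None):
    """Return {device_id: [issues]} for every device with at least one finding."""
    key = key or secrets.token_bytes(32)  # per-run key: fingerprints are useless outside this run
    fp = lambda s: hmac.new(key, s.encode(), hashlib.sha256).hexdigest()
    default_fps = {fp(p) for p in KNOWN_DEFAULTS}
    holders = defaultdict(list)           # credential fingerprint -> devices using it
    for dev in inventory:
        holders[fp(dev["password"])].append(dev["id"])
    findings = {}
    for dev in inventory:
        issues, cred = [], fp(dev["password"])
        if cred in default_fps:
            issues.append("default-password")
        if len(holders[cred]) > 1:
            issues.append("shared-password")
        latest = LATEST_FW.get(dev["model"])
        if latest is None:
            issues.append("unknown-model")
        elif _ver(dev["fw"]) < _ver(latest):
            issues.append("outdated-firmware")
        if ipaddress.ip_address(dev["ip"]) not in IOT_SEGMENT:
            issues.append("outside-iot-segment")
        if issues:
            findings[dev["id"]] = issues
    return findings

if __name__ == "__main__":
    # The report lists device ids and issue labels only, never the passwords themselves.
    for dev_id, issues in audit(INVENTORY).items():
        print(f"{dev_id}: {', '.join(issues)}")
```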

Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.
