Mars Hydro, a Chinese company specializing in IoT grow lights, has exposed approximately 2.7 billion records due to an unsecured database.
The breach, discovered by cybersecurity researcher Jeremiah Fowler, underscores critical vulnerabilities in IoT security practices.
The exposed database, totaling 1.17 terabytes, was accessible without password protection and contained sensitive information including Wi-Fi network names, passwords, IP addresses, device IDs, and email addresses. The data was linked to several companies, notably LG-LED Solutions Limited and Spider Farmer, indicating a broader impact across their products.
Mars Hydro promptly secured the database after being notified, yet how long the data was exposed and whether anyone accessed it without authorization remain uncertain, and answering those questions requires a forensic audit. The breach poses risks such as unauthorized device control, man-in-the-middle (MITM) attacks, network infiltration, and credential exploitation, emphasizing the need for enhanced security measures.
To mitigate such risks, experts recommend implementing strong authentication, encrypting sensitive data, conducting regular security audits, and educating users on secure practices.
A spokesperson urged swift action to safeguard user data, while Fowler warned of growing IoT vulnerabilities.
