A major IoT data breach has exposed 2.7 billion records, including Wi-Fi network names, passwords, IP addresses, and device IDs.
Cybersecurity researcher Jeremiah Fowler uncovered an unprotected database associated with Mars Hydro, a Chinese IoT grow light company, and LG-LED Solutions from California. He reported his findings to vpnMentor, which shared them exclusively with Infosecurity.
By infosecbulletin
/ Monday , June 23 2025
A hacking group reportedly linked to Russian government has been discovered using a new phishing method that bypasses two-factor authentication...
Read More
By infosecbulletin
/ Wednesday , June 18 2025
Russian cybersecurity experts discovered the first local data theft attacks using a modified version of legitimate near field communication (NFC)...
Read More
By infosecbulletin
/ Tuesday , June 17 2025
Cybersecurity researcher Jeremiah Fowler discovered an unsecured database with 170,360 records belonging to a real estate company. It contained personal...
Read More
By infosecbulletin
/ Tuesday , June 17 2025
GreyNoise found attempts to exploit CVE-2023-28771, a vulnerability in Zyxel's IKE affecting UDP port 500. The attack centers around CVE-2023-28771,...
Read More
By infosecbulletin
/ Tuesday , June 17 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included two high-risk vulnerabilities in its Known Exploited Vulnerabilities (KEV)...
Read More
By infosecbulletin
/ Monday , June 16 2025
SafetyDetectives’ Cybersecurity Team discovered a public post on a clear web forum in which a threat actor claimed to have...
Read More
By infosecbulletin
/ Sunday , June 15 2025
WestJet, Canada's second-largest airline, is looking into a cyberattack that has affected some internal systems during its response to the...
Read More
By infosecbulletin
/ Saturday , June 14 2025
Resecurity found 7.4 million records of Paraguayan citizens' personal information leaked on the dark web today. Last week, cybercriminals attempted...
Read More
By infosecbulletin
/ Friday , June 13 2025
HashiCorp has revealed a critical vulnerability in its Nomad tool that may let attackers gain higher privileges by misusing the...
Read More
By infosecbulletin
/ Friday , June 13 2025
SoftBank has disclosed that personal information of more than 137,000 mobile subscribers—covering names, addresses, and phone numbers—might have been leaked...
Read More
The unprotected database, totaling 1.17 terabytes, had 13 folders with over 100 million records each. Error logs also exposed device operating systems, API tokens, and app versions.
This data probably came from users of the Mars Hydro Mars Pro app for iOS and Android. Although Mars Hydro quickly limited access after the breach, there are still concerns about how long the data was exposed and if unauthorized parties accessed it.
Risks of IoT Data Breaches:
The exposed data poses serious risks, including unauthorized network access and attacks like “nearest neighbor” exploits, where cybercriminals take over nearby Wi-Fi networks.
“In November 2024, it was reported that Russian military hackers from the GRU’s Unit 26165, also known as APT28 or Fancy Bear, used […] ‘nearest neighbor attack’ to breach an organization based in Washington, D.C. that was focused on supporting Ukraine,” Fowler said.
“The hackers compromised a nearby organization’s network that was simply in range of the target’s Wi-Fi and then gained access to the victim’s network.”
Palo Alto Networks research shows that 57% of IoT devices are vulnerable because of outdated operating systems or insufficient encryption. Many devices have weak credentials, emphasizing the need for improved security measures.
Experts advise encrypting sensitive logs, changing default passwords, conducting regular security audits, and restricting public cloud access to private repositories to reduce future risks.