A major online data breach has leaked 2.7 billion records. Jeremiah Fowler, a cybersecurity researcher, has reported that the data breach has leaked records of Mars Hydro, a China-based company that makes IoT (Internet of Things) devices.
Online data breach has leaked 2.7 billion records linked with SSID names, passwords, and more
Fowler has discovered and reported the latest online data breach to vpnMentor. It includes details of a non-password-protected database containing 2.7 billion records belonging to Mars Hydro. The company makes IoT grow lights and software apps that allow users to control smart home devices, timers, and settings remotely.
Upon further research, the researcher found that these records also belonged to LG-LED SOLUTIONS LIMITED, a California-registered company. Some of the records contained API details and URL links to Spider Farmer, which also manufactures and sells grow lights, fans, and cooling solutions for agricultural purposes.
As per the researcher, the size of the leaked database is around 1.17 Terabytes. Fowler claims to have seen 13 folders in the database that contain more than 100 million records with SSID (service set identifier), commonly known as your Wi-Fi network name. Furthermore, these leaked records also contain millions of passwords, IP addresses, device ID numbers, and email addresses.
Affected devices in the latest data breach
Threat actors can link many records to products controlled by internet-connected devices like smartphones in the latest massive data breach. A previous report estimated that 57 percent of all IoT products were highly vulnerable to security attacks. Also, a whopping 98 percent of data transmitted by these devices is unencrypted.
“The hypothetical worst-case scenario would be if someone used this information for surveillance, man-in-the-middle (MITM) attacks, mapping networks and critical infrastructure, or other potential misuses,” Fowler said.
It’s worth mentioning that threat actors have targeted IoT devices before, particularly with botnet attacks. These attacks have risen by 500 percent in recent years and are an escalating issue. Notably, hackers identify known software flaws or easy-to-break passwords within IoT networks.
Once an attacker compromises a device, a botnet can spread malware, launch DDoS attacks, or infiltrate critical systems. That said, always use a unique and strong password for your IoT or any other internet-connected device to safeguard your data from threat actors.