2.7 Billion Personal Data Records Exposed in Massive Data Breach

Organizations and businesses are increasingly focusing on ensuring digital security by regularly reviewing their systems and detecting vulnerabilities that could expose them to security risks. However, despite these efforts, phishing attacks are still common, and the risk of data leakage is always present.

This is the case of Mars Hydro, a Chinese company specializing in hydroponics and indoor plant growing equipment, which suffered a massive data breach. An estimated 2.7 billion records were leaked from an unprotected database. The incident exposed a huge amount of customer data, including sensitive information such as Wi-Fi network names, passwords, IP addresses, device ID numbers, email addresses, and even the type of phone (iOS or Android) the user was using.

Specifically, because the Mars Hydro database was not password protected, a large amount of information was leaked, including Wi-Fi network names (SSIDs) and passwords, IP addresses, email addresses, and details about the smartphones used. This not only led to the risk of unauthorized access to the device and network, but also created opportunities for cybercriminals to track communications and target users through compromised contact information. The leaked data could even lead to 'man-in-the-middle' attacks, where traffic between the user and the device could be manipulated.

Of all the threats, a 'man-in-the-middle' attack is the most dangerous because the two parties involved in the communication will be unaware of the attacker's intervention. This can even lead to impersonation, as the attacker can access sensitive login credentials, financial information, and even corporate data through eavesdropping.

Mars Hydro uses smartphones to control some of its hydroponic products, so the company offers a mobile app on both the App Store and the Google Play Store. The app supports multiple languages, including English, French, Chinese, and German. While the app's privacy policy states that it does not collect user data, it is possible that IoT (Internet of Things) devices may have transmitted information when connected to a user's network, leading to a data breach.

While there is currently little information about how the leaked data has been used for malicious purposes, the risk is always there. Therefore, companies need to strengthen database security and raise awareness of vulnerabilities in their systems.

Users of Mars Hydro products are advised to immediately change their Wi-Fi passwords, update software on internet-connected devices and be wary of suspicious emails or messages.

David Pac

Update 26 May 2025