2.7 billion records. No password on the database. Your Wi-Fi name and password, your IP address, your device IDs — all sitting in an unprotected database anyone could find. Mars Hydro makes grow lights. They stored your home network credentials in a database with no lock on the door. The fish tank of 2025 is a grow light. Your Wi-Fi password. In a database. On the internet. No protection. If someone wanted to join your home network, they just needed to find this database — which had no password. Three brands, one cloud, zero security. A grow light exposed the keys to your entire home network.
What they claim: Mars Hydro promotes smart grow lights with app-based climate control
What we found: In February 2025, security researcher Jeremiah Fowler discovered a 1.17 terabyte unprotected database containing 2.7 billion records from Mars Hydro, LG-LED Solutions, and Spider Farmer IoT devices. The database — with no password protection — contained Wi-Fi network names and passwords, IP addresses, device IDs, API tokens, and operating system details of users worldwide.
What they claim: Mars Hydro describes standard data collection for smart device functionality
What we found: The exposed database included Wi-Fi passwords that could allow attackers to join victims' home networks remotely. Combined with IP addresses and device identifiers, the leak created a roadmap for targeting individual households. The data spanned users of Mars Hydro, Spider Farmer, and LG-LED Solutions — three brands sharing one unsecured cloud infrastructure.