TECH NEWS – A massive attack resulted in 2.7 billion records changing hands because a database was not adequately protected.
Companies are increasingly looking to improve their digital security, which requires them to constantly check their systems for vulnerabilities. However, phishing can still be successful. This time it was Mars Hydro, a Chinese company specializing in indoor cultivation and hydroponics, which had 2.7 billion records in its database that were accessible to cyber attackers.
This database contained very sensitive information. It included data related to smartphones and operating systems (iOS or Android), as well as details related to Wi-Fi networks (SSID network names, passwords). Perhaps if the Chinese company had password-protected the database, it would not have been a problem, but Mars Hydro forgot to do so. IP addresses and email addresses were also in the database, so attackers could gain access to the devices and networks, monitor the users, and then strike later. There could even be man-in-the-middle attacks (manipulating traffic between users and the device).
This is the most dangerous scenario, because neither the user nor the device they are using can recognize that their communication has been compromised. As a result, the user’s identity can be forged, and attackers can gain access to sensitive login credentials, financial information, and even corporate data as part of an eavesdropping attack. Mars Hydro uses smartphones to manage its hydroponic equipment, and its app is available on the Google Play Store and Apple App Store in English, German, French, and Chinese. Although they do not in principle collect user data, IoT devices connected to the user’s network may have transmitted information and built a database.
This could be particularly embarrassing for Mars Hydro. We have not yet heard of any misuse of the data they have collected, but you never know when attackers might strike. This story shows that privacy needs to be taken seriously.
Source: WCCFTech