[ad_1]
Shell Investigates Exposed Database of EV Charging Station Users’ Personal Information
Oil giant Shell is investigating an exposed internal database after a security researcher found it leaking the personal information of drivers who use the company’s electric vehicle charging stations.
The Details of the Exposed Database
Security researcher Anurag Sen discovered a database online that contained close to a terabyte of logging data related to Shell Recharge, the company’s worldwide network of hundreds of thousands of electric vehicle charging stations, which it acquired in part from Greenlots in 2019. The database had no password, allowing anyone on the internet to access its data from a web browser. The data contained names, email addresses, phone numbers, and vehicle identification numbers (VINs) of Shell’s EV charging network customers. The database also included the names of fleet operators, which identified organizations that have vehicles that recharge on the network. Additionally, the database included the locations of Shell’s EV charging stations, including private residential charging points. The exposed records were not time-limited, and some of the information is as recent as 2023.
Contacting Shell and ‘s Alert
Sen contacted Shell after discovering the exposed database. alerted Shell as Sen did not hear back from the company. A short time after contacted Shell, the database became inaccessible.
Shell’s Response
Shell spokesperson Anna Arata said Shell has taken steps to contain and identify the exposure of Shell Recharge Solutions data. The company is investigating the incident, monitoring its IT systems, and will take any necessary future actions.
Previous Discoveries by Sen
Sen has previously found exposed data belonging to Amazon, Hotai Motor, PeopleGrove, and JusTalk. Earlier this year, Sen discovered a database containing sensitive U.S. military emails belonging to U.S. Special Operations Command.
FAQs
What is the impact of the exposed database?
The exposed database compromised the personal information of customers who use Shell’s electric vehicle charging stations. The data contained names, email addresses, phone numbers, and vehicle identification numbers of customers who use the charging stations. The database also included the locations of Shell’s EV charging stations, including private residential charging points.
What steps has Shell taken to address the exposure of the database?
Shell has responded to the exposure of the database by taking steps to contain and identify the exposure of Shell Recharge Solutions data. The company is investigating the incident, monitoring its IT systems, and will take any necessary future actions.
How was the exposed database discovered?
Security researcher Anurag Sen discovered an exposed database online that contained close to a terabyte of logging data related to Shell Recharge, the company’s worldwide network of electric vehicle charging stations that it acquired in part from Greenlots in 2019. The database had no password, allowing anyone on the internet to access its data from a web browser.
What other discoveries has Anurag Sen made?
Anurag Sen has previously found exposed data belonging to Amazon, Hotai Motor, PeopleGrove, and JusTalk. Earlier this year, Sen discovered a database containing sensitive U.S. military emails belonging to U.S. Special Operations Command.
Conclusion
Shell’s internal database exposed customer data of the company’s worldwide network of electric vehicle charging stations. The data contained personal information of customers, including their names, email addresses, and vehicle identification numbers. The database also included the locations of Shell’s EV charging stations, including private residential charging points. Shell has taken steps to contain and identify the exposure of Shell Recharge Solutions data and will investigate, monitor its IT systems, and take necessary future action as needed.
[ad_2]
For more information, please refer this link