In a recent incident, Shell Recharge inadvertently leaked the data of electric vehicle drivers through an unsecured database. This information was brought to light by cybersecurity researcher Anurag Sen, who alerted TechCrunch. The database, which was nearly one terabyte in size, contained names, email addresses, and phone numbers of lease drivers utilizing Shell Recharge charging stations, as well as the names of fleet managers, including law enforcement agencies.
Furthermore, Sen discovered that the database also included the locations of Recharge charging stations, including residential charging points. As a result, the address details of the CEO of Greenlots, a charging network company acquired by Shell, were found. The database, hosted on the Amazon cloud, contained millions of logs containing customer data from the charging stations.
Alarmingly, the database had no password protection and was easily accessible through a web browser by anyone. Despite Sen’s attempt to notify Shell, he received no response. However, after TechCrunch informed the company about the issue, access to the database was promptly revoked.
Shell Recharge has acknowledged the existence of the accessible data and has initiated an investigation into the incident to determine the extent of the breach and prevent such occurrences in the future.