Recently, security researcher Anurag Sen discovered an exposed internal database that contained personal details of drivers at Shell’s electric vehicle charging stations.
Although the database had close to a terabyte of logging data relating to Shell Recharge, the company’s worldwide network of electric vehicle charging stations, it had no security measures in place.
The exposed data included names, email addresses, phone numbers, and vehicle identification numbers of millions of EV charging network users.
Moreover, the database included the location of the charging points, including the private residential charging points of some notable individuals such as Greenlots CEO Andreas Lips’ home. In this blog post, we will discuss how Shell is investigating the exposed internal database.
According to TechCrunch, after Sen contacted Shell regarding the exposed database, the company did not respond. It was only after TechCrunch notified Shell that the exposed database became inaccessible.
Although it is still unclear what led to the public exposure of the database or how long the data was public, some of the information was as recent as 2023.
This has been an issue for EV charging station software companies for a long time. EV charging station software not only collects EV driver data, it connects the EV charging station to the electric car and also in many cases connects to the local utility which has raised concerns about cyber terrorism shutting down the grid.
Shell has confirmed that they are aware of the issue and are currently investigating the matter. In a statement released by the company, Shell said that the data exposed in the breach was not financial and that it was working to identify the cause of the issue and take appropriate steps to resolve it. The company further stated that it values its customers’ privacy and takes cybersecurity seriously.
Moreover, Shell has reassured its customers that no payment card details or passwords were exposed in the breach. However, customers who use Shell Recharge have been advised to remain vigilant and check their accounts for any unusual activity.
Although it is not clear how many customers were impacted by the breach, this incident is a reminder of the importance of cybersecurity. With the rise in the use of electric vehicles globally, the need for companies to ensure the security of their customers’ details cannot be overemphasized.
In conclusion, the recent exposure of Shell’s internal database containing personal details of drivers at its electric vehicle charging stations is a cause for concern. The incident highlights the need for companies to have robust cybersecurity measures in place and be proactive in addressing any security breaches. Shell has taken quick action by launching an investigation into the incident and is working to identify and resolve any issues. As customers, we must remain vigilant and take steps to protect our personal information by regularly checking our accounts for any unusual activity.