Shell Recharge Security Lapse Exposed EV Drivers' Data
upstart writes:
Shell Recharge security lapse exposed EV drivers' data:
Security researcher Anurag Sen found a database online that contained close to a terabyte of logging data relating to Shell Recharge, the company's worldwide network of hundreds of thousands of electric vehicle charging stations, which it acquired in part from Greenlots in 2019. Greenlots provided electric vehicle (EV) charging services and technology for customers operating vehicle fleets.
The internal database, hosted on Amazon's cloud, contained millions of logs, said Sen, including details about customers who used the EV charging network. The database had no password, allowing anyone on the internet to access its data from their web browser.
The data, seen by TechCrunch, contained names, email addresses, and phone numbers of fleet customers who use the EV charging network. The database included the names of fleet operators, which identified organizations - such as police departments - with vehicles that recharge on the network. Some of the data included vehicle identification numbers, or VINs.
[...] Shell spokesperson Anna Arata told TechCrunch in a statement: "Shell has taken steps to contain and identify an exposure of Shell Recharge Solutions data. We are investigating the incident, continue to monitor our IT systems, and will take any necessary future actions accordingly."
Read more of this story at SoylentNews.