Oil giant Shell is conducting an investigation after a security researcher discovered an exposed internal database containing the personal information of drivers who use the company’s electric vehicle charging stations. The researcher, Anurag Sen, found a nearly terabyte-sized database online that contained logging data associated with Shell Recharge, the company’s global network of hundreds of thousands of electric vehicle charging stations.
The database, hosted on Amazon’s cloud, was found to be accessible without a password, making it open to anyone on the internet. Sen reported that the database contained millions of logs, including details of customers who utilized the EV charging network. The exposed data, viewed by TechCrunch, included names, email addresses, and phone numbers of fleet customers using the charging network. Additionally, the database contained information about fleet operators, such as police departments, which revealed the organizations associated with vehicles utilizing the network. Vehicle identification numbers (VINs) were also present in some records.
Sen also discovered that the database contained information on the locations of Shell’s EV charging stations, including private residential charging points. Notably, one of the exposed records contained the residential address of Andreas Lips, CEO of Greenlots, which previously provided electric vehicle charging services and technology.
The exact cause of the exposure and the duration of the data’s public accessibility are currently unknown. Sen notified Shell about the exposed database, but after not receiving a response, TechCrunch contacted the company on his behalf. The database became inaccessible shortly after Shell was alerted.
In response to the incident, Shell spokesperson Anna Arata stated that the company has taken measures to contain and identify the exposure of Shell Recharge Solutions data. Shell is actively investigating the incident, monitoring its IT systems, and will take necessary actions based on the investigation’s findings.
Anurag Sen has previously discovered exposed data from companies like Amazon, Hotai Motor, PeopleGrove, and JusTalk. Earlier this year, he uncovered a database containing sensitive U.S. military emails belonging to the U.S. Special Operations Command.