Uber points the finger at rival Lyft following data hack

Uber has identified the IP addresses of those responsible for its February data breach which saw the license numbers and names of 50,000 drivers stolen and distributed.

Two sources close to Uber say the company has whittled the perpetrator of the attack down to a Comcast IP address, intent on unmasking the individual behind the breach via legal proceedings at a the San Francisco court.

Lyft's technology chief, Chris Lambert, was implicated by sources who told Reuters his IP address had access to a security key used in the breach.

However the IP address in question subject to the subpoena has been censored by the court and Reuter’s two sources provide the only link between Lambert and the hack. The court papers as a result make no mention or connection between the Lyft executive mentioned in the Reuters investigation.

An Uber subpoena of Comcast records “was "reasonably likely" to help reveal the "bad actor" behind the data breach.

The perpetrator had access to the Uber digital security key which ultimately left an open door to the company’s driver database, and although publically available, the sources claim Uber investigations have pinpointed Lambert’s as one of the IP addresses accessing the data.

Lyft denies the allegations claiming it had investigated the matter “long ago” and concluded “there is no evidence that any Lyft employee, including Chris, downloaded the Uber driver information or database, or had anything to do with Uber’s May 2014 data breach”.

Lyft, although smaller than Uber in scale, now has the backing of Uber’s Chinese rival Didi Kuaidi, following a secretive investment back in May.

Join us, it's free.

Become a member to get access to:

  • Exclusive Content
  • Daily and specialised newsletters
  • Research and analysis

Join us, it’s free.

Want to read this article and others just like it? All you need to do is become a member of The Drum. Basic membership is quick, free and you will be able to receive daily news updates.