Uber is blaming Lyft exec for data breach, report says

Steven Loeb · October 8, 2015 · Short URL: https://vator.tv/n/4094

Sources say Uber found a Comcast IP address belonging to Lyft CTO Chris Lambert

The war between Uber and Lyft got pretty ugly in 2014 with some pretty big accusations being thrown around, including potential fraud and theft. So far this year things seemed to have quieted down, but now it's starting to heat up again. And, again, one side is alleging some pretty serious charges against the other.

Unlike the last two times, though, now Uber is the one doing the blaming.

As you may remember, back In February, the company revealed that it has been hit with a massive breach, in which the information of up to 50,000 drivers, including their names and driver’s license numbers, were accessed.

During its investigation over the last eight months, Uber became aware of an an unidentified person who used a Comcast IP address in order again access to a security key that was used in the breach, according to a report from Reuters on Thursday.

The company has filed a lawsuit in San Francisco federal court in an attempt to find out who the person was, but anonymous sources told Reuters that the address was assigned to Chris Lambert, who is technology chief officer at Lyft.

Even if this is true, and the IP address can be traced to Lambert, it does not actually mean that Lambert did anything wrong.

For one, that security key was publicly available for months, for anyone to view, as a copy of it was accidentally posted by Uber on one of its public pages on GitHub. It stayed there for three months, until the breach occurred and it was finally taken down.

Once that happened, Uber began looked into the IP address of everyone who visited the page while that security key was available. After eliminating the addresses that were not suspicious, Uber singled out on the aforementioned IP address as the likely culprit.

Here's the even more important part, though. Uber's court papers don't even link the Comcast IP address and the hacker.

"In fact, the IP address was not the one from which the data breach was launched," the Reuters report says, so the claim that whoever is linked to that address is reponsible seems pretty dubious.

Rightfully, lawyers for the Comcast subscriber have pointed out these very facts in court: that anyone could have visited the site without violating any laws, and that the data breach stemmed from a different IP address.

Lyft is categorically denying that there's any evidence to connect it, or any of its employees, to the breach earlier this year.

“Uber allowed login credentials for their driver database to be publicly accessible on GitHub for months before and after a data breach in May 2014," a Lyft spokesperson told VatorNews.

"We investigated this matter long ago, and there are no facts or evidence that any Lyft employee, including Chris, downloaded the Uber driver information or database, or had anything to do with Uber’s May 2014 data breach.”

VatorNews reached out to Uber, but a company spokesperson declined to comment.

Lyfy vs Uber

Uber is worth over $50 billion while Lyft is worth $2.5 billion. Uber has a huge international presence, while Lyft only operates in the United States. Despite the size difference between the two companies, the two have had a bitter rivarly going on, with Uber being accused of being consistently underhanded in their dealings.

In 2013 it was reported that Uber had begun trying to lure away Lyft drivers by giving out $50 gas cards to drivers who came by their offices, along with an additional $500 if they picked up 20 riders by the end of the year. The moves were never officially verified. 

Then, in August of last year, Lyft accused Uber of having its employee’s book, and then cancel, upwards of 5,000 rides over a period of nine months.

According to the data supplied by Lyft, one phone number, which was associated with an Uber recruiter, canceled 1,524 rides on 21 accounts. Another created 14 accounts and cancelled 680 rides. In total, 177 Uber employees around the country made 5,560 phantom requests.

The most serious accusation came in November of 2014, when Lyft sued its former COO Travis VanderZanden for allegedly stealing sensitive company documents in the days leading up to his resignation in August, right before he went on to join Uber a few months later.

In response, VanderZanden then accused Lyft of of spying on his e-mails as he was in talks to join Uber.

There's obviously some very bad blood between these two companies, but one of them actually going and hacking the other to steal information about its drivers would be a step too far.

(Image source: huffingtonpost.com)

Related Companies, Investors, and Entrepreneurs

Uber

Startup/Business

Joined Vator on

Uber is a ridesharing service headquartered in San Francisco, United States, which operates in multiple international cities. The company uses a smartphone application to arrange rides between riders and drivers. 

Lyft

Startup/Business

Joined Vator on

Lyft is a peer-to-peer transportation platform that connects passengers who need rides with drivers willing to provide rides using their own personal vehicles.