Uber probes IP address assigned to Lyft exec

The headquarters of Uber in San Francisco. (Eric Risberg, AP)
The headquarters of Uber in San Francisco. (Eric Risberg, AP)

San Francisco - Eight months after disclosing a major data breach, ride service Uber is focusing its legal efforts on learning more about an internet address that it has persuaded a court could lead to identifying the hacker. That address, two sources familiar with the matter say, can be traced to the chief of technology at its main US rival, Lyft.

In February, Uber revealed that as many as 50 000 of its drivers' names and license numbers had been improperly downloaded, and the company filed a lawsuit in San Francisco federal court in an attempt to unmask the perpetrator.

Uber's court papers claim that an unidentified person using a Comcast IP address had access to a security key used in the breach. The two sources said the address was assigned to Lyft's technology chief, Chris Lambert.

The court papers draw no direct connection between the Comcast IP address and the hacker. In fact, the IP address was not the one from which the data breach was launched.

However, US Magistrate Judge Laurel Beeler ruled that the information sought by Uber in a subpoena of Comcast records was "reasonably likely" to help reveal the "bad actor" responsible for the hack.

Leaked driver information

On Monday, Lyft spokesperson Brandon McCormick said the company had investigated the matter "long ago" and concluded "there is no evidence that any Lyft employee, including Chris, downloaded the Uber driver information or database, or had anything to do with Uber's May 2014 data breach".

McCormick declined to comment on whether the Comcast IP address belongs to Lambert. He also declined to describe the scope of Lyft's internal investigation or say who directed it.

Lambert declined to comment in person or over email.

Attorneys for the Comcast subscriber, who is not named in court documents, did not respond to an interview request on Monday.

In an email on Monday, an Uber representative declined to comment on any aspect of the case beyond what is in court filings, including what led the company to believe that more information about the Comcast subscriber might lead them to the hacker.

Uber's lawsuit alleges the hacker violated civil provisions of the federal Computer Fraud and Abuse Act, as well as a similar California law. It is unclear if the leaked driver information was ever used by the hacker or anyone else.

According to documents filed in the case, the company learned months after the hack that someone had used an Uber digital security key to access the driver database. A copy of the key was inadvertently posted by Uber on one of its public pages on the code development platform GitHub in March of 2014, prior to the breach, the court filings show, and remained there for months.

We live in a world where facts and fiction get blurred
In times of uncertainty you need journalism you can trust. For only R75 per month, you have access to a world of in-depth analyses, investigative journalism, top opinions and a range of features. Journalism strengthens democracy. Invest in the future today.
Subscribe to News24
Rand - Dollar
14.18
-0.3%
Rand - Pound
19.90
-0.2%
Rand - Euro
17.13
-0.4%
Rand - Aus dollar
10.93
-0.1%
Rand - Yen
0.13
-0.4%
Gold
1,815.11
-0.0%
Silver
26.93
-0.2%
Palladium
2,813.00
-1.7%
Platinum
1,211.37
-0.2%
Brent Crude
69.32
+1.1%
Top 40
59,816
-2.8%
All Share
65,758
-2.5%
Resource 10
68,803
-4.0%
Industrial 25
81,958
-2.2%
Financial 15
12,528
-0.9%
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot
Voting Booth
Please select an option Oops! Something went wrong, please try again later.
Results
Yes, and I've gotten it.
21% - 1428 votes
No, I did not.
52% - 3578 votes
My landlord refused
28% - 1905 votes
Vote