Report indicates Uber looking into Lyft employee as possible culprit in data breach


As Uber continues to investigate a data breach of its drivers database, Reuters came out with a report Thursday that claimed the car service's primary suspect is also its main rival: Lyft.

The case began when Uber discovered that about 50,000 of its current and former drivers' names and license numbers had been exposed in May 2014. In February 2015, the company filed a complaint against a John Doe in order to uncover who might be behind the breach.

Ultimately, the company realized that for a brief period, it had accidentally posted the digital security key to its database on a public GitHub page prior to the breach. It was live for months.

At that point, the company subpoenaed GitHub for information on who visited its webpage over those months, and identifying information on John Doe. The information, the court docs said, would indicate that the individual used the same IP address on GitHub's website and when accessing Uber's database.

“This information will likely tie an individual directly to the breach,” the subpoena stated.

Uber pointed out that an unknown person, with a Comcast IP address, had access to the stolen security key that led to the data breach. This address reportedly belongs to Lyft CTO Chris Lambert, Reuters reported.

That said, this IP address isn't directly connected to the data breach and was not the one from which it was carried out.

A Lyft spokesperson told that the company “investigated this matter long ago and there are no facts or evidence that any Lyft employee, including Chris, downloaded the Uber driver information or database, or had anything to do with Uber's May 2014 data breach.”

Uber didn't respond to a request for comment.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.