Business Standard

Uber probes IP address assigned to Lyft officials: Sources

- REUTERS 8 October

Eight months after disclosing a major data breach, ride service Uber is focusing its legal efforts on learning more about an internet address that it has persuaded a court could lead to identifyin­g the hacker. That address, two sources familiar with the matter say, can be traced to the chief of technology at its main U.S. rival, Lyft.

In February, Uber revealed that as many as 50,000 of its drivers' names and license numbers had been improperly downloaded, and the company filed a lawsuit in San Francisco federal court in an attempt to unmask the perpetrato­r.

Uber's court papers claim that an unidentifi­ed person using a Comcast IP address had access to a security key used in the breach. The two sources said the address was assigned to Lyft's technology chief, Chris Lambert.

The court papers draw no direct connection between the Comcast IP address and the hacker. In fact, the IP address was not the one from which the data breach was launched.

However, U.S. Magistrate Judge Laurel Beeler ruled that the informatio­n sought by Uber in a subpoena of Comcast records was “reasonably likely” to help reveal the “bad actor” responsibl­e for the hack.

On Monday, Lyft spokesman Brandon McCormick said the company had investigat­ed the matter “long ago” and concluded “there is no evidence that any Lyft employee, including Chris, downloaded the Uber driver informatio­n or database, or had anything to do with Uber’s May 2014 data breach.” McCormick declined to comment on whether the Comcast IP address belongs to Lambert. He also declined to describe the scope of Lyft’s internal investigat­ion or say who directed it.

Lambert declined to comment in person or over email.

Attorneys for the Comcast subscriber, who is not named in court documents, did not respond to an interview request on Monday.

In an email on Monday, an Uber spokeswoma­n declined to comment on any aspect of the case beyond what is in court filings, including what led the company to believe that more informatio­n about the Comcast subscriber might lead them to the hacker.

Uber’s lawsuit alleges the hacker violated civil provisions of the federal Computer Fraud and Abuse Act, as well as a similar California law.

?? PHOTO: REUTERS ?? Uber's court papers claim that an unidentifi­ed person using a Comcast IP address had access to a security key used in the breach.
PHOTO: REUTERS Uber's court papers claim that an unidentifi­ed person using a Comcast IP address had access to a security key used in the breach.

Newspapers in English

Newspapers from India