Uber's Hack Investigation Tipped To Include Lyft Element
Uber revealed back in February that it has suffered a data breach involving driver data; that breach was first discovered in September 2014, and had taken place in May of last year. An investigation into the hack has been ongoing since, and has taken an interesting turn. In a report that surfaced today, sources alleged that Uber has narrowed down a possible source to a Comcast IP, and that Comcast IP reportedly belongs to a Lyft executive.
The information comes from Reuters which reports that it received information from two unnamed sources who are familiar with the issue. According to court documents, Uber alleges that an unknown individual with a Comcast IP viewed a security key that was used in the 2014 data breach.
The two sources claim that IP address belongs to the Chief Technology Officer for Lyft, Uber's most notable competitor. It is important to note that the IP address was not the source of the data breach, and the court documents don't directly state that it is connected with the hacker(s), according to Reuters.
Why Uber is pursuing the Comcast subscriber in relation to the investigation isn't clear. The hack itself resulted from Uber's own carelessness — the company mistakenly published a security key on a public GitHub page in early 2014 and failed to take it down for months. The company looked into what IP addresses visited the page with that security key. Of the addresses obtained, the Comcast IP is the only one that remains an element of interest.
Of course, anyone could have visited the page with the security key, as it was public; a visit to the page does not indicate that the subscriber had any involvement in the data breach whatsoever. Furthermore, a different IP address launched the attack. The sources claim the hack originated from a VPN's IP address. In a statement to Reuters, a Lyft spokesperson dismissed the notion that one of the company's workers or executives may have been involved in the hack.
SOURCE: Reuters