Uber accuses rival of stealing data on its drivers

App-based taxi firm Uber has accused rival company Lyft of hacking into its systems to steal the names and license numbers of 50,000 of its drivers.

In February, the company revealed that information had been improperly downloaded by someone using an Uber digital security key to access its driver database.

The breach occurred after it inadvertently posted the security key on the code development platform GitHub in March of 2014, prior to the breach, which remained on the site for months.

After Uber discovered the unauthorized download, it examined the IP addresses of every visitor to the page during the time between when the key was posted and when the breach occurred.

It concluded that a Comcast IP address was the only one that had accessed the GitHub post that it had not eliminated from suspicion.

Uber's court papers claim that the address could be traced back to Lyft's technology chief Chris Lambert.

U.S. Magistrate Judge Laurel Beeler ruled that the information sought by Uber in a subpoena of Comcast records was "reasonably likely" to help reveal the "bad actor" responsible for the hack.

Lyft spokesman Brandon McCormick said the company had already investigated the matter and concluded, "there is no evidence that any Lyft employee, including Chris, downloaded the Uber driver information or database, or had anything to do with Uber's May 2014 data breach."

McCormick declined to comment on whether the Comcast IP address belongs to Lambert or the scope of Lyft's internal investigation into the matter.

Uber's lawsuit alleges the hacker violated civil provisions of the federal Computer Fraud and Abuse Act, as well as a similar California law. It is unclear if the leaked driver information was ever used by the hacker or anyone else.

The owner of the Comcast IP has remained unnamed in court documents but the defendants attorneys are fighting the subpoena, alleging that Uber has improperly focused on their client instead of other possible perpetrators of the breach.

They said that automated web crawlers, such as those used by Google, could have retrieved the information and cached it in a different location that could have been accessed by the hacker.

In addition, it was noted that the data breach stemmed from an IP address that was different to the Comcast one.

Lyft directly competes with Uber for drivers and customers, although it is currently valued at $2.5bn (£1.6bn) - far less than its rival Uber, which is valued at $51bn (£33bn).

Recent articles

Info Message

Our sites use cookies to support some functionality, and to collect anonymous user data.

Learn more about IET cookies and how to control them