Bob Fabien Zinga

Strategic Leadership | Secure Enterprise IT Business Operations | Project Management

  • Home
  • Résumé
    • Bio
    • USN BIO
    • Linkedin
    • Forbes | Council
    • Microsoft Transcript
  • Blog
    • Current News
    • Cybersecurity
    • IP Officer
    • Safe and Secure Online
    • Campaign Drug Free
  • Contact
    • Book BZ
You are here: Home / Data Breach / Lyft executive implicated in Uber data breach, reports say

Lyft executive implicated in Uber data breach, reports say

October 10, 2015 By Bob Fabien Zinga Leave a Comment

An executive at rival ride-sharing company Lyft may be implicated in a massive breach of drivers’ records and data from Uber, Reuters reported late Thursday.

The breach of 50,000 driver records was disclosed by Uber in February, but actually happened in May 2014, and was discovered by Uber in September 2014. The company’s lawsuit now says the data was obtained via a company security key accessible on a public website, and people familiar with the matter told the news service that Lyft’s chief technology officer, Chris Lambert, has been implicated.

Lyft pushed back against that charge, saying in a statement to the Wall Street Journal that it had already investigated the matter and found no evidence Lambert was involved.

“We investigated this matter long ago and there are no facts or evidence that any Lyft employee, including Chris…had anything to do with Uber’s May 2014 data breach,” Lyft spokesman Brandon McCormick told the paper.
But Uber said they have evidence linking Lambert to the breach, said people familiar with the matter. The most significant claim is that Lambert was allegedly directly linked to a Comcast IP address that was used to access the data. Uber had to sue to get that subscriber data from Comcast, which it did under a “John Doe” type lawsuit, often used when a defendant’s identity is unknown.

A federal magistrate judge in San Francisco approved Uber’s request for a subpoena for that information in July.


“This Comcast IP address is associated with somebody who had been scraping driver data from the Uber website,” Uber attorney James G. Snell, of Perkins Coie LLP, told the judge at the time. “It matters who that is. If this was a competitor.”
Uber’s case says the breach violated the both the federal Computer Fraud and Abuse Act and a separate California law that provides similar protections.
“The Comcast IP address is the only IP address that accessed the GitHub post that Uber has not eliminated” from suspicion, the company said in court filings. Neither Lambert nor his attorneys, San Francisco law firm Boersch Shapiro LLP, responded to requests for comment.

McCormick wouldn’t confirm that IP address belonged to Lambert, but told Reuters that Uber allowed the records to be publicly accessible for long stretches of time around the time the breach happened.
“Uber allowed login credentials for their driver database to be publicly accessible for months before and after the breach,” he told the news service.
Source: http://www.bizjournals.com/sanfrancisco/blog/techflash/2015/10/lyft-executive-implicated-in-uber-data-breach-tech.html

Filed Under: Data Breach, Hacking

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

 

Recent Posts

  • Important Links for IP Officers December 14, 2020
  • BUSINESS RULES FOR DOCUMENTING PHYSICAL FITNESS ASSESSMENT (PFA) RESULTS ON PERFORMANCE REPORTS January 9, 2019
  • NAVY MAS Codes January 8, 2019
  • US Naval Officer Designators December 17, 2018
  • Numerical List of Navy Standard Subject Identification codes (SSICs) for Military Personnel and General Administration and management December 17, 2018
  • Navy Ranks and Insignias November 23, 2018
  • Navy Maximum Weight for Height Screening Table November 21, 2018

Recent Comments

  • Bob on NAVY MAS Codes
  • Kimberly Henley-Brown on NAVY MAS Codes
  • Robert Powell on NAVY RFAS Codes

Archives

  • December 2020
  • January 2019
  • December 2018
  • November 2018
  • June 2018
  • October 2017
  • November 2016
  • October 2016
  • June 2016
  • December 2015
  • October 2015
  • September 2015
  • August 2015

Categories

Copyright © 2021 · Silicon Valley Cyber Security Executive · LinkedIn · Forbes | Council