Slashdot Mirror


IP Address May Associate Lyft CTO With Uber Data Breach (reuters.com)

An anonymous reader writes: According to two unnamed Reuters sources, the IP address of Lyft CTO Chris Lambert has been revealed by Uber's investigations to be associated with the accessing of a security key that was accidentally deposited on GitHub in 2014 and used to access 50,000 database records of Uber drivers later that year. However, bearing in mind that the breach was carried out through a fiercely protectionist Scandinavian VPN, and that Lambert was a Google software engineer before becoming CTO of a major technology company, it does seem surprising that he would have accessed such sensitive data with his own domestic IP address.

  1. Thankfully... by Rei · · Score: 5, Insightful

    Uber has long proven themselves to be eminently trustworthy and never scheming up shady ways to try to drive their competition out of business, so we can just take them at their word on this.

    --
    The human body can be drained of blood in 8.6 seconds given adequate vacuuming systems.
  2. We trust what Uber says now? by Anonymous Coward · · Score: 3, Insightful

    A company run by crooks with a scam as their business model. Uber is the one that blundered its own key then failed to secure its databases. Now they are blame shifting.

    1. Re:We trust what Uber says now? by Richard_at_work · · Score: 4, Insightful

      Just like a restaurant which doesn't give a toss about minimum wage, where its ingredients come from, the cleanliness of the kitchens or the reliability of the refrigeration - but the customers love the public face, service and price, so that restaurant should be given a break when it comes to following the rules other restaurants have to abide by...

    2. Re:We trust what Uber says now? by Anonymous Coward · · Score: 0, Insightful

      Since when did /. get inundated with pissed-off cab drivers bad-mouthing Uber?

      Don't you fuckers have anything better to do?

      Oh wait...since no one wants your shitty service and smelly cabs anymore, I guess you don't.

    3. Re:We trust what Uber says now? by Nidi62 · · Score: 4, Insightful

      a scam as their business model

      Last time I checked, their business model was to offer a valuable service that people really like in exchange for money.

      People really like cocaine and meth, but exchanging those for money is just as illegal as operating illegal cabs.

      --
      The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
  3. Re:The perfect cover? by DRJlaw · · Score: 4, Insightful

    The report emphasises that the IP address is not the one associated with the act of the breach itself; instead it was obtained by a process of elimination as Uber's investigations team worked through all the IPs which accessed a critical security key that had accidentally been deposited on the public code-sharing and versioning platform GitHub in March of 2014 - approximately nine months before the breach occurred.

    The only one it could not account for is, according to the report, a Comcast IP address associated with Lambert.

    Translation: We believed everyone else but this guy is a right bastard (because he works for Lyft) and thus assuredly guilty.

  4. Corporate Persons by Chris+Johnson · · Score: 5, Insightful

    So wait. Not only does Uber choose to commandeer Slashdot at every opportunity to spout off how great it is through increasingly vehement sockpuppet ACs and the pushing of clickbait articles, it ALSO feels the need to pull you aside and fill you in on its paranoid fantasies?

    Man, 'corporate personhood' is weird. This is distinctly a personality that's consistent and recognizable. Just yeah.

    Excuse me, Uber. I think I see somebody over there that I know D:

  5. The article alleges no connection, though. by shess · · Score: 5, Insightful

    Apparently they leaked the key on GitHub, and allege that this IP address visited the page - along with tens of thousands of other visitors.

    If I were CTO of a company, and I saw a Slashdot posting about "YourCompetitor leaked all of their keys on GitHub!", I would probably click through. ESPECIALLY if I were in charge of preventing similar leaks from the company I worked for.