Slashdot Mirror

← Back to Stories (view on slashdot.org)

IP Address May Associate Lyft CTO With Uber Data Breach (reuters.com)

Posted by Soulskill on from the worked-for-the-cardinals dept.

An anonymous reader writes: According to two unnamed Reuters sources the IP address of Lyft CTO Chris Lambert has been revealed by Uber's investigations to be associated with the accessing of a security key that was accidentally deposited on GitHub in 2014 and used to access 50,000 database records of Uber drivers later that year. However, bearing in mind that the breach was carried out through a fiercely protectionist Scandinavian VPN, and that Lambert was a Google software engineer before become CTO of a major technology company, it does seem surprising that he would have accessed such sensitive data with his own domestic IP address.

15 of 103 comments (clear)

  1. Guilty! by sinij · · Score: 5, Funny

    If RIAA and CSI taught us anything is that both IP and DNA are definitive proof of guilt. Since Chris Lambert was shown to have both, we can be certain he did it.

  2. Thankfully... by Rei · · Score: 5, Insightful

    Uber has long proven themselves to be eminently trustworthy and never scheming up shady ways to try to drive their competition out of business, so we can just take them at their word on this.

    --
    The human body can be drained of blood in 8.6 seconds given adequate vacuuming systems.
    1. Re:Thankfully... by phantomfive · · Score: 3, Interesting

      Exactly. Whenever an accusation starts with our competitor may have been evil..., wait for corroborating evidence.

      --
      "First they came for the slanderers and i said nothing."
    2. Re:Thankfully... by rockmuelle · · Score: 4, Interesting

      Uber is great in the same way Pets.com was great: they're burning their investor's money to run an unsustainable business. I loved getting 40lb bags of dog food delivered for free and I love paying less than the driver is making for my Uber rides. As a consumer, I win!

      What's new about Uber compared to Pets.com is that Uber is the VC world's experiment in seeing if they can create illegal businesses and then use their huge piles of money to change the law in their favor. This is what should really scare everyone.

      -Chris

    3. Re:Thankfully... by Triklyn · · Score: 3

      hells no, and i can probably count the number of cab rides i've taken in my life using my hands and feet.

      i don't like them flaunting consumer protections, i don't like that whole period they were like, "oh insurance? what's that? and why can't our driver's personal insurance foot the fucking bill?"
      i don't like how their executives think the idea of mudslinging journalists that criticize them is a fun idea.
      i don't like how their idea of damage control is to try to bury, bury bury, until someone fucking dies

      i don't like how their idea of fair competition is to spam their competitors with fake pickup requests
      i don't like how their fucking profit margin comes straight out of their contracter's pockets
      i don't like how their fucking car payment tie-in apparently is financially calamitous to their drivers

      so, no, i don't drive a cab, i'm just not enamored of evil.

  3. The perfect cover? by rmdingler · · Score: 4, Funny

    However, bearing in mind that the breach was carried out through a fiercely protectionist Scandinavian VPN, and that Lambert was a Google software engineer before become CTO of a major technology company, it does seem surprising that he would have accessed such sensitive data with his own domestic IP address.

    What a great defense... there's no way it's me.

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

    1. Re:The perfect cover? by DRJlaw · · Score: 4, Insightful

      The report emphasises that the IP address is not the one associated with the act of the breach itself; instead it was obtained by a process of elimination as Uberâ(TM)s investigations team worked through all the IPs which accessed a critical security key that had accidentally been deposited on the public code-sharing and versioning platform GitHub in March of 2014 â" approximately nine months before the breach occurred.

      The only one it could not account for is, according to the report, a Comcast IP address associated with Lambert.

      Translation: We believed everyone else but this guy is a right bastard (because he works for Lyft) and thus assuredly guilty.

  4. Life imitating art? by ramriot · · Score: 5, Interesting

    Sounds exactly like something from Mr Robot, IP address CTO of organisation found in logs related to hacking server farm.

    Like, we trust the logs, after someone has Owned the system, sure let me know how that goes!

  5. We trust what Uber says now? by Anonymous Coward · · Score: 3, Insightful

    A company run by crooks with a scam as their business model. Uber is the one that blundered its own key then failed to secure its databases. Now they are blame shifting.

    1. Re:We trust what Uber says now? by deadweight · · Score: 4, Funny

      My new airline is really cheap. I skip things like a 100 hour inspections, 135 certs, opspecs, and all the other things that make running an airline a huge PITA. I have a plane, what more do you want?

    2. Re:We trust what Uber says now? by Richard_at_work · · Score: 4, Insightful

      Just like a restaurant which doesn't give a toss about minimum wage, where its ingredients come from, the cleanliness of the kitchens or the reliability of the refrigeration - but the customers love the public face, service and price, so that restaurant should be given a break when it comes to following the rules other restaurants have to abide by...

    3. Re:We trust what Uber says now? by Nidi62 · · Score: 4, Insightful

      a scam as their business model

      Last time I checked, their business model was to offer a valuable service that people really like in exchange for money.

      People really like cocaine and meth, but exchanging those for money is just as illegal as operating illegal cabs.

      --
      The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
  6. Protectionist? by pr0nbot · · Score: 3, Informative

    I don't know why a VPN provider would favour trade tariffs.

    Perhaps "protective" was meant?

    https://en.wikipedia.org/wiki/...

  7. Corporate Persons by Chris+Johnson · · Score: 5, Insightful

    So wait. Not only does Uber choose to commandeer Slashdot at every opportunity to spout off how great it is through increasingly vehement sockpuppet ACs and the pushing of clickbait articles, it ALSO feels the need to pull you aside and fill you in on its paranoid fantasies?

    Man, 'corporate personhood' is weird. This is distinctly a personality that's consistent and recognizable. Just yeah.

    Excuse me, Uber. I think I see somebody over there that I know D:

  8. The article alleges no connection, though. by shess · · Score: 5, Insightful

    Apparently they leaked the key on GitHub, and allege that this IP address visited the page - along with tens of thousands of other visitors.

    If I were CTO of a company, and I saw a Slashdot posting about "YourCompetitor leaked all of their keys on GitHub!", I would probably click through. ESPECIALLY if I were in charge of preventing similar leaks from the company I worked for.