Uber and Lyft clash over massive data breach

News by Max Metzger

Uber and Lyft, the two giants of the taxi-app industry, have clashed over a large data breach, and one of Lyft's executives has been implicated.

The information of as many as 50,000 Uber drivers was leaked in a massive data breach in May this year. But it was only last week that Uber claimed to have found its erstwhile attacker by tracing their IP address. What is more, Uber claims the person responsible was Chris Lambert, the CTO of its main competitor, Lyft.

The database of driver information was accessed through a security key that had been accidentally left exposed on GitHub, a web-hosting service, for three months. Eric Chiu, president and co-founder of HyTrust, a cloud security company, told SCmagazineUK.com, “Insider threats – whether accidental or malicious – are the number one cause of breaches today. This investigation found that an Uber engineer posted a company security key to GitHub, which is like leaving your house key under the doormat for anyone to use.”

After pursuing legal action, Uber forced GitHub to reveal the IP addresses of anyone who visited the page. One such IP address was traced back to none other than Lambert.

Lambert has not yet denied the accusation, but Reuters has reported that a Lyft spokesperson claimed the company has performed its own investigation and found that “there is no evidence” that Lyft employees “had anything to do with Uber's May 2014 data breach”.

While Uber and Lyft are considered two of the major players in the taxi-app business, they are not on an equal footing. While Lyft was valued at the respectable price of US$700 million this year, Uber was valued at the stunning amount of US$50 billion.

The bad feeling between Uber and Lyft didn't start here. Uber's employees have been found several times to be intentionally messing with Lyft's day-to-day operations. 

First blood was drawn by Uber in 2013, when employees of the company were shown to be ordering rides from competitor services like Lyft and then cancelling them at the last minute in order to disrupt their service. Lyft told CNNMoney in late 2014 that Uber employees had ordered and then cancelled nearly 6000 Lyft rides since the end of 2013. In August of that year, tech news outlet The Verge reported that Uber had attempted to create a team of recruiters to gather intelligence on Lyft and poach its drivers to work for Uber.

Chiu also commented on the larger significance of the Uber breach and the accusation flung at the Lyft CTO: “Industrial espionage is an increasing risk for companies and the Uber and Lyft case shows that this isn't just a nation-state or international issue”. 

He added, “Your competitor down the street or across the country might be the attacker trying to steal company information for their competitive advantage.”

