Uber suspects Lyft may have assisted in February’s data breach

Lyft announced a bunch of quality-of-life improvements for its drivers yesterday, such as cheaper gas and real-time payments, in an effort to keep its current drivers loyal and make itself more appealing to Uber drivers. As great as that is, the company may have done some less admirable things to better compete with Uber a few months ago, such as assisting in a massive data breach on Uber. That’s what Uber is looking into at the moment after discovering a possible connection between the hacker and Lyft’s chief of technology.

Eight months after disclosing a major data breach, ride service Uber [UBER.UL] is focusing its legal efforts on learning more about an internet address that it has persuaded a court could lead to identifying the hacker. That address, two sources familiar with the matter say, can be traced to the chief of technology at its main U.S. rival, Lyft. In February, Uber revealed that as many as 50,000 of its drivers’ names and license numbers had been improperly downloaded, and the company filed a lawsuit in San Francisco federal court in an attempt to unmask the perpetrator. Uber’s court papers claim that an unidentified person using a Comcast IP address had access to a security key used in the breach. The two sources said the address was assigned to Lyft’s technology chief, Chris Lambert. The court papers draw no direct connection between the Comcast IP address and the hacker. In fact, the IP address was not the one from which the data breach was launched. However, U.S. Magistrate Judge Laurel Beeler ruled that the information sought by Uber in a subpoena of Comcast records was “reasonably likely” to help reveal the “bad actor” responsible for the hack.