Who was responsible for hacking Uber, taking 50,000 driver names and license plate numbers in May?
Uber suspects Lyft CTO Chris Lambert, according to two anonymous sources who spoke to Reuters. In the public court case about the hacking, Uber filed for a subpoena to reveal the identity of a particular Comcast subscriber. It says it believes this subscriber accessed the GitHub post Uber accidentally made public that held the key to the driver data.
The court filing doesn’t mention Lambert at all, but two sources told Reuters that Lambert’s name surfaced when Uber searched for information on the IP address. The Comcast subscriber petitioned the court to stay anonymous, but the judge rejected the request.
Take the allegations with a grain of salt for now. The IP address is redacted in the court documents, so the Reuters reporters weren’t able to search for themselves. It’s not a stretch to suppose Reuters’ anonymous sources are connected to Uber since they have inside information on Uber’s suspicions. Lastly, Reuters itself admits, “The court papers draw no direct connection between the Comcast IP address and the hacker. In fact, the IP address was not the one from which the data breach was launched.”
Uber declined to comment on the issue to Re/code. Uber’s lawyers and the lawyers for the unnamed Comcast subscriber didn’t respond to request for comment.
Lyft spokesperson Brandon McCormick said, “Uber allowed login credentials for their driver database to be publicly accessible on GitHub for months before and after a data breach in May 2014. We investigated this matter long ago, and there are no facts or evidence that any Lyft employee, including Chris, downloaded the Uber driver information or database, or had anything to do with Uber’s May 2014 data breach.”
Lyft looked into the matter when it received a letter from Uber a year ago about the hacking incident. McCormick declined to discuss how its handled its internal investigation.
This article originally appeared on Recode.net.