Uber as a company has not identified Lambert. In fact the Comcast subscriber has remained anonymous throughout the court proceedings. Still, it's quite a leap to go from an IP address that accessed a publicly available file to outright hacking. The company believes that while there is no direct connection between the mystery Comcast IP and the hack, the identity of the person behind that address could shed some light on the breach. Which isn't all that far fetched.
Lance Cottrell, chief scientist of security firm Ntrepid told Engadget this type of situation is "characteristic of the kind of mistakes people make when conducting an attack." If the person behind the IP address stumbled onto the key while perusing Uber's GitHub account, it's already too late to start hiding who they are. It's usually not until a bad actor starts an actual attack that they take precautions like using a VPN or public WiFi to hide their identity. Of course that's if the anonymous internet user is actually responsible.
Cottrell also said we should question the thoroughness in which Uber excluded other IPs. It's unclear how many IP addresses hit the file, was in the tens or hundreds? How did it determine if someone was nefarious or not? Also, if the key was buried pretty deep in the company's GitHub page, there's a good chance it wasn't cached by Google. But if it wasn't, Google could have cached the file and anyone could have grabbed it without leaving a trail.
Concerning the speculation that an Lyft employee may have had something to do with the breach, Lyft gave Engadget the following statement: "Uber allowed login credentials for their driver database to be publicly accessible on GitHub for months before and after a data breach in May 2014. We investigated this matter long ago and there are no facts or evidence that any Lyft employee, including Chris, downloaded the Uber driver information or database, or had anything to do with Uber's May 2014 data breach."
Uber declined to comment for this article.
[Image credit: Getty/AFP]