In his statement on Monday, Lyft spokesman McCormick noted that “Uber allowed login credentials for their driver database to be publicly accessible for months before and after the breach.”
The two sources said that the address from which the hack was launched is associated with a virtual private network service. One of them added that the service is based in a Scandinavian country and is known for vigorously protecting the privacy of its users. The hacker’s numeric IP address is redacted from court papers.
In July, the federal magistrate judge in San Francisco approved Uber’s request for a subpoena granting the company access to the Comcast subscriber’s identity, source of payment and other subscription details. The subpoena also requires Comcast to disclose information connecting the subscriber to certain other IP addresses and to the GitHub web pages.
Attorneys for the unnamed Comcast subscriber appealed to the 9th U.S. Circuit Court of Appeals, and Beeler put her ruling on hold pending the outcome.
In fighting the subpoena, the subscriber’s attorneys asserted in court that Uber has improperly focused on their client instead of other possible perpetrators of the breach.