Whoever hacked Uber's driver database wasn't our CTO, says rival Lyft Uber's sleuthing to find out who hacked its database of drivers has turned up an interesting snippet regarding its chief competitor, Lyft. In May last year, a mystery miscreant snatched a leaked copy of an access key to one of Uber's databases, and used it to download records of 50,000 Uber drivers. How the key made its way …
I'd consider even looking at sensitive data of a rival firm falls quite firmly into the definition of 'wrongdoing'... Obviously Uber fucked up pretty badly, but their failure doesn't excuse a stupid act like looking at their authentication keys. At the very least, it shows that Lyft's CTO shouldn't have his job given how irresponsible he is in that he put his curiosity over protecting the company from a potential lawsuit.
What he really should have done is when someone informed him about the key being public, he should have just called his legal counsel and never clicked on the link. And if he was the one that discovered that it was public, well, he should never have been poking around there in the first place.
I'd consider even looking at sensitive data of a rival firm falls quite firmly into the definition of 'wrongdoing'...
It more closely fits into the Golden Rule of Business: Do unto others1.
1. This also stands as #13 of the The Seventy Maxims of Maximally Effective Mercenaries.
"I'd consider even looking at sensitive data of a rival firm falls quite firmly into the definition of 'wrongdoing'"
Grand, but that's exactly what Lyft are denying happened, so not really relevant:
"...there are no facts or evidence that any Lyft employee, including Chris, downloaded the Uber driver information or database"
" I could see myself doing what the CTO did"
I would too, but that is also why I'm not a CTO. A C-level employee is essentially the physical embodiment of the company, their actions must reflect the ideals of the company they are part of. The difference between an executive and an employee is similar to that of a head-of-state versus a private citizen. A citizen could walk into a strip club because they are curious about it, but if the president were to do such a thing, he'd be facing months of bad press, numerous calls for impeachment, and endless inquiries into their actions.
Maybe Lyft did steal the data, maybe they didn't, but I think it's a stretch to imply Lyft's CTO did anything wrong.
If I was CTO of Lyft, and I read the news that Uber had put their codebase on GitHub, of course the first thing I'm going to do is git clone that repo. It would almost be remiss of him not to. It's quite possible he picked through the code and didn't even realise the database key was in there.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
