12 comments

[ 3.1 ms ] story [ 36.3 ms ] thread
So you make a mistake: You accidentally publish something that will give anyone access to all your data. Then you use your own incompetence to target one of your competitors.

It astounds me that companies that are worth billions, full of smart people and are changing the world are enabled to act so incredibly stupid.

I suppose it depends on your definition of "you" here. They likely have thousands of employees around the world. It sounds like a single employee was careless here. I guess where you see company, I see a collection of individuals and the potential errors/issues that come from being human.
Making the mistake wasn't the stupid part, we all make mistakes. Trying to use it as an opportunity against your competitor is. That's not a choice made by individuals; it's a company acting stupid officially, with intent.
One interesting piece of this: it looks like Github turned over IP traffic logs for who accessed that page of Uber's Github repo to Uber.
this is the only reason here for this "news" "article".

besides this, that is pure libel, with no source or fact checking from the " journalist". and that is just mentioned in passing. the "journalist" doesn't even notice that is the only real interesting bit, and obviously does not expand or investigate on it. I'd love to hear what github has to say on this.

just flag this garbage.

There's nothing libelous in that article. The author is reporting on the matter and doesn't claim that Lyft or any specific individual is guilty of anything.
except on the title. and the lide. and the eye.

the fact that they have no fact is burried, while the sensationalist accusation is highlighted.

'After Uber discovered the unauthorized download, it examined the Internet Protocol addresses of every visitor to the page during the time between when the key was posted and when the breach occurred'

lolwutf.

Can someone please tell me how Uber got the IP of 'every visitor to the page [on GitHub]'?

And, to that end, what even constitutes 'the page'? If someone cloned the repo, how is that tally'd?

This reeks of weirdness.

If I post my password on the Internet and someone uses it to get into my account, is that still considered hacking? And illegal? [serious question]

I guess if I lost my wallet and someone finds it and uses my debit card, I'd consider that stealing.

The CFAA (Computer Fraud and Abuse Act) prohibits unauthorized access. If you find a piece of paper with an account name and password written on it and use it for access, it is illegal.
If you lost your house key and someone came into your house and looked around, that'd be trespassing.