It seems they didn't learn from their mistakes. It sounds that the 2014 breach was caused by the same mistake.

"That gist is believed to have contained a login key used by a hacker to access an internal Uber database of 50,000 drivers."

https://www.theregister.co.uk/2015/02/28/uber_subpoenas_gith...