"Lyft denies any wrongdoing by its employees."
I'd consider even looking at sensitive data of a rival firm falls quite firmly into the definition of 'wrongdoing'... Obviously Uber fucked up pretty badly, but their failure doesn't excuse a stupid act like looking at their authentication keys. At the very least, it shows that Lyft's CTO shouldn't have his job given how irresponsible he is in that he put his curiosity over protecting the company from a potential lawsuit.
What he really should have done is when someone informed him about the key being public, he should have just called his legal counsel and never clicked on the link. And if he was the one that discovered that it was public, well, he should never have been poking around there in the first place.