麦迪逊广场花园自2018年以来,一直在秘密地对每个走进大门的人进行画像。
入口处的面部识别。生物识别数据被存储。内部威胁分数被分配。名人、运动员、粉丝,全都被分类。
本·斯蒂勒:“低风险。”A Boogie wit da Hoodie:“高风险。”
没有人被告知用于触发这些标签的标准是什么,或者这些画像是否存在。
然后,在6月5日,就在尼克斯队53年来首次赢得NBA总决赛的同一个晚上,ShinyHunters打电话给一名低级MSG员工,假装是IT支持。凭证被交出。他们在几分钟内就进入了Microsoft Entra。
一个月后:45GB的内部数据在暗网上发布。2600万条记录。生物识别监控日志。内部威胁评估。VIP档案,包含“人才成本”和“成名原因”字段。名人地址。还有客户投诉邮件,包括那些专门对MSG的面部识别提出担忧的人发来的消息。
那些质疑监控的人,最终进入了他们所担忧的那个数据库。
MSG仍然没有确认这次泄露。
现在是超出MSG的部分:
每个投资于面部识别和行为画像的体育场、竞技场和场馆,都在创建正是那种让他们成为优质目标的数据库。
你构建的监控越多,泄露就越有价值。
MSG为2600万人构建了8年的生物识别记录。
他们中没有人同意。
现在他们全都在泄露中。
Madison Square Garden has been secretly profiling every person who walks through its doors since 2018.
facial recognition at entry. biometric data stored. internal threat scores assigned. celebrities, athletes, fans, all categorized.
Ben Stiller: "low risk."A Boogie wit da Hoodie: "high risk."
nobody was told what criteria were used to trigger the labels or that the profiles existed.
then, on June 5, the same night the Knicks won the NBA Finals for the first time in 53 years, ShinyHunters called a low-level MSG employee, posing as IT support. credentials handed over. they were inside Microsoft Entra within minutes.
one month later: 45 gigabytes of internal data published on the dark web. 26 million records. biometric surveillance logs. internal threat assessments. VIP dossiers with "cost of talent" and "claim to fame" fields. Celebrity addresses. and customer complaint emails including messages from people who had specifically raised concerns about MSG's facial recognition.
people who questioned the surveillance ended up inside the very database they were worried about.
MSG still hasn't confirmed the breach.
now the part that extends beyond MSG:
every stadium, arena, and venue investing in facial recognition and behavioral profiling is creating exactly the kind of database that makes them a premium target.
the more surveillance you build, the more valuable the breach.
MSG built 8 years of biometric records on 26 million people.
none of them consented.
all of them are now in the leak.
