Hisense announces major cashback offer through June 23

Posted in Commentary with tags on June 19, 2026 by itnerd

As Canada continues its historic run at the FIFA World Cup 26, Hisense Canada is seeing increased interest in premium home entertainment products as Canadians look to recreate the stadium experience at home.

The company has launched a nationwide cashback promotion tied directly to Canada’s performance in the tournament, offering Canadians who purchase select Hisense TVs, Laser TVs and appliances a guaranteed $400 cashback through June 23, with the potential for additional savings should Canada advance further.

Full offer details at available at www.winwithcanada.ca.

Leave a comment »

HP Debuts AI-Powered Unified Collaboration Ecosystem at InfoComm 2026

Posted in Commentary with tags on June 19, 2026 by itnerd

At InfoComm 2026, HP Inc. introduced AI-powered communication and collaboration solutions designed to transform how work gets done.
 
As organizations operate across increasingly distributed environments, HP is advancing its collaboration ecosystem — powered by the HP Workforce Experience Platform (WXP) — to deliver better experiences focused on connecting people, workspaces, and solutions.

Unified Insights and IT Management

HP is giving IT teams unified visibility and control across collaboration spaces, compute, and print solutions through a single pane of glass with the integration of HP Poly Lens and WXP Collaboration (formerly Vyopta) into the HP Workforce Experience Platform (WXP). This expanded offering provides greater visibility across workspaces through an interactive digital replica of the environment called HP Poly Lens Room VisualizerAI.

With these expanded collaboration focused experience analytics and room management capabilities, WXP is transforming isolated data points into actionable insights that empower IT to improve performance, optimize spaces, and enhance employee productivity.

Future-Proof Video Collaboration and Multi-Camera Experiences

HP is future-proofing meeting rooms of all sizes with its next-gen Windows based collaboration engine, HP Poly Studio Room Compute, for Microsoft Teams Rooms and for Zoom Rooms. As the first collaboration compute solution powered by the latest third generation Intel® Core™ Ultra processors with integrated NPUs, this solution is built to support emerging AI-assisted collaboration experiences while enabling long lifecycle support and streamlined room deployments.

The HP Poly Studio 5 and 7 Room Compute will be certified for Microsoft Teams Rooms and Zoom Rooms. These solutions are designed to simplify setup with color-coded ports, dedicated PoE port for the Poly TC10 touch controller, automatic pairing, quick magnetic mounting and can be easily managed with Poly Lens as part of the HP Workforce Experience Platform. The Poly Studio Room Compute devices are made up of at least 60% post-consumer recycled (PCR) plastics.
 
HP Poly VideoOS 5.1 delivers an elevated hybrid meeting experience while simplifying management for HP Poly’s next-gen video conferencing solutions. Designed to make hybrid collaboration feel more natural and engaging, Poly DirectorAI multi-camera technology intelligently switches between cameras to capture the best view of in-room participants. By capturing the right perspective, remote attendees feel more connected to those in the room, resulting in conversations that flow more freely across distributed teams.
 
HP Poly VideoOS 5.1 also delivers simplified setup and connectivity for Microsoft Teams Rooms on Android with HP Touch Controller Direct Connect, reducing complexity and helping organizations keep rooms up and running. Plus, a redesigned WebUI offers a modern, unified admin experience, making it easier to monitor and manage devices.

Immersive Audio and Productivity Tools for Hybrid Work

HP’s latest product innovations are purpose-built across the ecosystem, designed to work seamlessly together and deliver a consistent experience across every touchpoint. The new HP Poly Focus 6 Series Bluetooth headsets provide an immersive audio experience powered by Acoustic Fence 2.0, hybrid active noise cancellation (ANC), and spatial audio to help users stay focused throughout the day, across work environments.

The HP Poly Focus 6 Series offers up to 25 hours of talk time with ANC on, and wireless charging capabilities. Plus, the HP Poly Focus 6 Series is available in a sleek, foldable version for even greater flexibility and portability throughout your day. The HP Poly Focus 6 Series is certified for Google Meet, Google Voice, Microsoft Teams Open Office, and Zoom.  Bluetooth Direct certifications with Microsoft Teams and Zoom ensure full functionality without a dongle.
 
To extend product life, the HP Poly Focus Series offers replaceable batteries and ear cushions for improved shelf-life and sustainability. The HP Poly Focus 6 Series headsets are TCO 10 certified to meet a wide scope of sustainability criteria, covering both environmental and social responsibility in the supply chain and throughout the product life cycle. 
 
The HP Collaboration Keyboard, the world’s first programmable collaboration wireless keyboard with adjustable tilt, enhances productivity and control throughout the day. This device features dedicated keys for microphone mute, camera control, and screen sharing, plus customizable shortcuts and cross-platform compatibility provide greater flexibility. This keyboard is made with up to 75% post-consumer recycled plastic by total plastic weight.

Designed for the Future of Work

HP is empowering organizations by providing a seamless, unified collaboration experience across its ecosystem of personal devices, room solutions, productivity tools, and platforms — allowing people to connect and do their best work.

HP will be showcasing its comprehensive suite of collaboration solutions designed for the future of work at booth #C8137 and will host HP Dimension with Google Beam demos at booth #C8037.

Pricing and availability

  • HP Poly Focus 6 Series Bluetooth headsets will be available in July, on HP.com starting at $379.95.
  • HP Poly Studio Room Compute for Microsoft Teams Rooms and Zoom Rooms will be available in July through select resellers, starting at $2,499 for HP Poly Studio 5 Room Compute, and $3,699 for HP Poly Studio 7 Room Compute.
  • Poly VideoOS 5.1 is expected to be available in Q3 2026.
  • HP Collaboration Keyboard will be available in September 2026 for $59.99 on HP.com.
  • HP Poly Lens integration into the HP Workforce Experience Platform (WXP) is now underway, with additional capabilities rolling out throughout 2026.

Leave a comment »

FortiBleed leak shows how exposed management systems can become intelligence goldmines

Posted in Commentary with tags on June 18, 2026 by itnerd

The disclosure of the FortiBleed data leak is a reminder that security risks don’t always stem from active exploitation or newly discovered vulnerabilities. Large-scale exposures of device information, configuration data, and network intelligence can provide attackers with a valuable roadmap for future operations. Even when no immediate compromise occurs, aggregated infrastructure data can help threat actors identify potential targets, map internet-facing assets, and prioritize organizations for follow-on attacks. The incident highlights the importance of minimizing exposed management interfaces, continuously monitoring external attack surfaces, and treating infrastructure metadata as sensitive information that can be weaponized when it falls into the wrong hands.

Yagub Rahimov, CEO, Polygraf AI

“One major insight here in this incident is that complex passwords didn’t help. Passwords of 25+ characters with symbols and numbers was shown in plaintext. Such complex password that’s passed through an infostealer protects you as much as “password123.” Many practitioners, up until now, were treating the credential strength as something that stands between an attacker and the network. The FortiBleed example just proved we can’t deny it. We need to care as much about exposure as we do about the credential strength.

We’ve always had industry standards (rotating credentials, enforcing MFA, etc), but remediation advice fails because nobody finishes it. The problem is that organizations treat a breach as an event to clean up after, not a condition to design around. Because of that, credentials get rotated once, and then everything drifts back. FortiBleed is what that drift looks like when it adds up across an entire vendor’s install base. That incident showed us again that the cleanup mindset is the vulnerability As long as a leak is treated as a discrete incident with a start and an end, the credentials that slip through become the seed of the next dataset. The only thing that changes the outcome is assuming that exposure is continuous, not occasional. Most organizations still aren’t there, which is exactly why there will be another FortiBleed.”

Now is a good time to look at various passwordless options and rotating credentials for example. At least it will limit your exposure to FortiBleed.

Leave a comment »

Tech Prime Day Deals from Anker

Posted in Commentary with tags on June 18, 2026 by itnerd

Here is a curated selection of top offers from Anker Innovations — covering must-haves in charging gear, home tech, audio, and portable entertainment. Deals span up to 53% off across brands including Anker, Eufy, Soundcore, and Nebula, with standout savings on power banks, smart vacuums, sleep earbuds, projectors, and more. All deals valid June 23-26.

Anker | Charging Essentials & Power Solutions

  • Anker MagGo Power Bank (10K, Slim), $69.99 (30% off, save $30), regular $99.99 — Anker.com | Amazon
  • Anker Power Bank (25K, 165W, Built-In and Retractable Cables), $113.99 (33% off, save $56), regular $169 — Anker.com | Amazon
  • Anker Prime TB5 Docking Station (14-in-1, 8K, Thunderbolt 5), $399.98 (33% off, save $200.01), regular $599.99 — Anker.com | Amazon
  • Anker Prime Docking Station (14-in-1, Triple Display, DisplayLink), $298.99 (34% off, save $151), regular $449.99 — Anker.com | Amazon
  • Anker Prime Power Bank (26K, 300W), $189.99 (32% off, save $90), regular $279.99 — Anker.com | Amazon

Eufy Appliance | Smart Robot Vacuums

  • Eufy C28 Robot Vacuum, $649.99 (53% off, save $750), regular $1,399.99 — eufy.com | Amazon
  • Eufy E25 Robot Vacuum, $759.98 (45% off, save $640), regular $1,399.99 — eufy.com | Amazon
  • eufy Breast Pump S2 Pro, $499.99 (16% off, save $100), regular $599.99 — eufy.com | Amazon
  • eufy Breast Pump S1 Pro, $279.99 (15% off, save $50), regular $329.99 — eufy.com | Amazon

Eufy Security 

  • eufy Security SoloCam S340, $159.99 (38% off, save $100), regular $259.99 — eufy.com | Amazon
  • eufy Security eufyCam S4, $299.99 (25% off, save $100), regular $399.99 — eufy.com | Amazon

Soundcore

  • soundcore Space 2 by Anker, $149.99 (17% off), regular $179.99 — Soundcore.com | Amazon. Available colours: Jet Black, Cream White, and Green
  • soundcore Sleep A30 Special, $199.99 (29% off), regular $279.99 — Soundcore.com | Amazon. Available colours: White, Puple

Soundcore Recording Productivity

  • soundcore Work AI Note Taker (8G), $119.99 (45% off), MSRP $219.99 — Soundcore.com | Amazon

Nebula Outdoor Speaker

  • soundcore Boom 2 Outdoor Speaker, $99.99 (44% off), regular $179.99 — Soundcore.com | Amazon

Nebula Portable Projectors

  • Nebula X1 Pro 4K Projector | World’s First Mobile Theater Station, $5,199.99 (26% off), regular $6,999.99 — Soundcore.com | Amazon
  • Nebula X1 Pro Mobile Theater with 200″ Inflatable Screen, $6,499.99 (34% off), regular $9,799.99 — Soundcore.com | Amazon

Leave a comment »

FortiBleed isn’t just a patch problem—it’s a quantum credentialing problem no one is talking about yet 

Posted in Commentary with tags on June 18, 2026 by itnerd

The FortiBleed (check out this or this if you want to catch up) exposure is being covered as a patching failure. It’s actually something harder to fix. Data exfiltrated today can sit dormant until quantum computing makes it decryptable. The credentials leaked right now have a shelf life no one can calculate.

Justin Beals, CEO & Founder, Strike Graph, an AI-native GRC and compliance automation platform had this to say:

“Fortinet moved to disclose once the data surfaced. That’s the right call. But the exposure itself points to a problem that’s only going to get worse. Cloud computing at scale has already made mass credential harvesting faster and cheaper than most organizations’ patching cycles can absorb. Quantum computing will make it catastrophic. Data exfiltrated today can sit dormant and be decrypted later, once the compute power to crack it exists. That’s not a hypothetical. It’s a timeline. Every set of credentials leaked right now has a shelf life organizations can’t calculate. What this pushes on, hard, is the need for consistent, continuous updates to credentialing. Not annual reviews, not quarterly rotations tied to audit cycles. The threat is operating on machine time. Credential governance has to keep pace with it.”

The question is, will we move to a place where we find out about these sorts of threats BEFORE they become threats? And BEFORE they become quantum computing threats. That’s the real question.

Leave a comment »

Meet SearchLeak, the one-click Microsoft Copilot attack 

Posted in Commentary with tags on June 18, 2026 by itnerd

The Varonis Threat Labs team found a critical one-click exploit named SearchLeak that turns Microsoft Copilot into a silent data-stealing weapon. The three-stage attack combines older and newer techniques that, chained together, steal sensitive information.

As debate continues over Fable and Mythos restrictions, SearchLeak shows how AI can create and expose novel on-ramps into enterprise systems and quietly leak critical information.

SearchLeak follows our discovery of a dangerous Microsoft Copilot Personal vulnerability, Reprompt, in January.

The Varonis Threat Labs team have worked hand in hand with Microsoft to responsibly disclose SearchLeak. They gave it a max severity level of “critical” and assigned it CVE-2026-42824. We have just been cleared by Microsoft to publish.

Watch an expert walk through the attack in this short video: https://varonis.wistia.com/s/z5q0yct8vxwi7gt and read the full report here: https://www.varonis.com/blog/searchleak

Leave a comment »

VerifyLabs.AI Brings Deepfake Detection to Android, Opening Trust Verification to a Global Audience

Posted in Commentary on June 18, 2026 by itnerd

VerifyLabs.AI today launches its Android app, completing a full mobile rollout of its Deepfake Detector alongside the existing iOS app and Chrome extension. The Android release brings real-time deepfake detection across images, audio and video to the majority of the world’s smartphone users, with no technical setup required. Mac and Windows desktop applications are in development, and Zoom and Microsoft Teams plugins are already available for enterprise users who need detection during live calls.

The Deepfake Detector analyses content and returns a verdict across a five-band scale, colour-coded from green (Human Made) through grey (Result Inconclusive) to red (Machine Made), rather than a raw confidence score left to the user to interpret. Image detection runs at up to 96% accuracy, validated against content generated by DALL-E 3, Flux, Ideogram, Midjourney and Stable Diffusion XL. Audio detection operates at up to 98% accuracy. Subscriptions start at 6.99 GBP per month or 69.99 GBP annually, and a bespoke enterprise API is available for organisations that need deeper integration.

The launch comes as synthetic content moves from a niche concern to an everyday risk. Deepfake audio robocalls impersonated President Biden during the 2024 US election, and AI-generated imagery influenced voter perception in Poland and Ireland in 2025. Financially, a 2024 survey found 92% of companies suffered losses from deepfake-related incidents, with one in ten reporting losses above one million dollars across fraud scenarios ranging from AI-generated identity documents used to bypass KYC checks to fabricated insurance claim videos.

Nick Knupffer, CEO of VerifyLabs.AI, said: “We’ve reached a point where you can’t trust what you see or hear anymore. Deepfakes have stolen something fundamental from us. VerifyLabs.AI exists to give it back. When you know what’s real, you can believe again, and that changes everything, from how we consume news to how we make decisions that matter.

Founded in 2025, VerifyLabs.AI is focused on making advanced AI detection technology accessible and practical for everyday use, helping individuals and organisations protect themselves against AI-enabled fraud and deception.

Unlike most detection services that require engineering resource before a single test can be run, VerifyLabs.AI is ready from day one through the iOS and Android apps and Chrome extension, with no technical setup required. Subscriptions start at 6.99 GBP per month (Essential monthly) or 69.99 GBP annually. For organisations that need deeper integration, a bespoke enterprise API is available. The technology is ready. The threat is real. The time to detect synthetic content at scale is now.

Website: https://verifylabs.ai/ 

Leave a comment »

VDURA Unveils Next-Generation Control Plane and Advanced S3 Capabilities for AI and HPC at ISC 2026

Posted in Commentary with tags on June 18, 2026 by itnerd

VDURA today announced three major advances for ISC High-Performance 2026: a next-generation multi-tenant control plane, significant S3 performance improvements and native S3 object tagging. Together, these capabilities are designed to simplify operations and accelerate data-intensive workloads at scale for AI and HPC organizations worldwide.

Planned for general availability in the second half of 2026, these advances continue VDURA’s mission to deliver the world’s most powerful data infrastructure platform for AI and HPC.

Next-Generation Control Plane: Simplified, Multi-Tenant Management for AI and HPC Environments

VDURA’s next-generation control plane, planned for general availability later this year, is purpose-built for the operational demands of modern AI and HPC environments. It introduces a modern management interface that delivers a streamlined tenant administration model, enabling platform and tenant operators to manage complex multi-tenant storage environments from an intuitive dashboard. Alongside the new UI, a REST API for key platform operations gives operators and integrators a foundation for automation and tooling workflows. Together, they significantly reduce operational overhead while preserving the depth of control that enterprise and research organizations require.

S3 Performance Improvements: Sustained Throughput for Cloud-Native AI Pipelines

VDURA is delivering targeted S3 performance improvements designed to sustain high throughput across cloud-native AI pipelines, including AI model checkpointing, inference serving, and large-scale dataset ingestion. These improvements reduce latency for S3-native operations and increase aggregate throughput for concurrent read and write workloads, ensuring the VDURA Data Platform continues to deliver the performance AI operators demand as workloads scale.

S3 Tags: Metadata-Driven Control Across the Data Lifecycle

Building on enhanced S3 performance, VDURA is also introducing native S3 object tagging support, enabling organizations to attach rich metadata to objects stored on the VDURA platform. S3 Tags unlock policy-based data lifecycle management, automated tiering workflows, and fine-grained access controls across AI training datasets, model artifacts, and scientific data collections. For HPC and AI operators managing petabyte-scale object stores, S3 Tags provide the metadata infrastructure required to enforce governance policies and manage data across its full lifecycle.

Availability

The Next-Generation Control Plane, S3 Performance Improvements, and S3 Tags are planned for general availability in the second half of 2026 for all V5000 class systems. Existing customers can upgrade in place via an online software update. Customers interested in early access are encouraged to visit VDURA at ISC 2026 or contact the VDURA sales team at vdura.com.

VDURA at ISC High Performance 2026

VDURA is exhibiting at ISC High Performance 2026 in Hamburg, Germany. Visit the VDURA booth G21 to experience these new capabilities firsthand and learn more about VDURA’s full portfolio of AI and HPC storage solutions.

Leave a comment »

Guest Post: Modern Infrastructure Has OutgrownStatic Credentials

Posted in Commentary with tags on June 18, 2026 by itnerd

By Don Boxley, CEO and Co-Founder, DH2i (www.dh2i.com

You may have noted that “World Password Day” was celebrated in May… And like each year, there was quite a bit of conversation around the idea that passwords just aren’t cutting it anymore… But, here’s the thing… Passwords didn’t suddenly become weak. The bigger problem is that modern infrastructure evolved far faster than the old trust models designed to protect it. This brought up another related conversation – lots of previously tried and true data and infrastructure security methods also aren’t cutting it anymore – like VPNs. 

And, that makes sense. Infrastructure was far more centralized and predictable 10-15 years ago. Even 5 years ago, for that matter. But today, businesses operate in environments that are constantly moving, scaling, and changing. Yet many organizations are still using assumptions built for a much smaller, slower, and more contained era of IT to secure today’s IT reality. 

The Perimeter Barely Exists Anymore

Most organizations no longer operate inside a clearly defined perimeter. Infrastructure is spread across hybrid cloud environments, multiple public cloud providers, Kubernetes clusters, remote users, AI workloads, edge deployments, and legacy systems that businesses still depend on every day. Modern infrastructure has become a patchwork of environments connected by operational necessity rather than standardization.

That creates a very different set of challenges than traditional security models were built for. 

Static credentials and broad network trust assumptions simply do not scale cleanly in environments where applications move dynamically, workloads scale automatically, and systems constantly communicate across regions, providers, and platforms.

Today’s infrastructure environments often include:

  • Hybrid cloud deployments
  • Multi-cloud infrastructure
  • Kubernetes and containers
  • AI and GPU-driven environments
  • Remote and distributed workforces
  • Edge and IoT deployments
  • Windows and Linux systems operating simultaneously
  • Legacy applications requiring ongoing operational support

Credential Problems Now Create Operational Problems

For sure, today’s environments are highly distributed and interconnected. Constantly authenticating and communicating with each other behind the scenes are applications, databases, cloud services, Kubernetes clusters, AI workloads, and failover systems.

So when credentials or trust relationships fail, operational problems can happen too, such as:

  • Applications losing connectivity
  • Replication between systems stopping
  • Failover processes failing during outages
  • Automated recovery systems breaking
  • AI services becoming unavailable
  • Distributed workloads timing out or crashing

In other words, a credential issue today can create both a security problem and an availability problem. In modern distributed environments, when trust breaks, operations break too.

If authentication fails, applications can lose connectivity. 

If trust relationships break during failover, recovery processes may not behave the way teams expect. 

If dependencies are poorly understood, outages become significantly harder to resolve under pressure. 

Security and operational continuity are now deeply interconnected, in highly distributed environments.

Downtime is no longer just inconvenient, as businesses rely more heavily on real-time applications, customer-facing systems, and AI-driven services. That reality becomes even more serious, directly impacting operations, customer experiences, and revenue.

Complexity Quietly Becomes the Biggest Risk

Simply managing overwhelming operational complexity is one of the biggest challenges modern IT teams face today. Every additional VPN dependency, networking exception, manual authentication workflow, or infrastructure-specific access policy adds another layer of fragility into the environment.

Eventually environments become so interconnected and complicated that nobody fully understands every dependency anymore. That’s when small problems start cascading into much larger operational incidents.

Common failure points now include:

  • Expired credentials breaking replication
  • Misconfigured trust relationships disrupting failover
  • VPN bottlenecks destabilizing distributed applications
  • Overly broad network access enabling lateral movement
  • Infrastructure-specific dependencies failing during migrations or outages

None of this happens because IT teams are careless, or not paying attention. 

Most organizations are simply trying to balance performance, uptime, security, compliance, cost, scalability, and operational flexibility… all at the same time. Of course, that is easier said than done. 

AI Infrastructure Is Accelerating Everything

AI environments amplify nearly every infrastructure challenge organizations already struggle with today. Massive GPU clusters, distributed compute environments, real-time responsiveness, high concurrency demands, and cross-region orchestration all place enormous pressure on connectivity, resiliency, and trust models.

In AI environments especially, weak trust relationships and brittle access models stop being theoretical security concerns very quickly. They become operational liabilities. Because failures impact real-time interactions immediately, customer-facing AI systems often cannot tolerate downtime, latency spikes, or connectivity instability.

That changes the stakes considerably compared to traditional enterprise systems where outages may have created delays or inconvenience but not necessarily immediate business disruption.

Why Zero Trust Continues to Gain Momentum

 Modern infrastructure has become too distributed, too interconnected, and too dynamic for organizations  to continue assuming that network presence alone should imply trust. Resultantly, the core principles of Zero Trust have become incredibly important for organizations to adopt into their architectures.

Organizations are increasingly shifting toward systems that only establish secure connections to the specific resources they actually need – i.e., a move to identity-aware, tightly scoped connectivity models.

That shift increasingly includes:

  • Identity-aware access controls
  • Direct encrypted connectivity
  • Application-level trust models
  • Workload segmentation
  • Infrastructure-agnostic architectures
  • Continuously validated access relationships

Because most businesses no longer operate in a single homogeneous environment, the infrastructure-agnostic piece matters enormously. Different workloads require different environments for performance, economics, compliance, sovereignty, or resiliency reasons. 

Security strategies now have to function consistently across all of them.

Modern Infrastructure Requires a New Trust Model

Passwords still matter. MFA still matters. Good credential hygiene still matters. None of that is going away, not anytime soon anyway.

Static credentials, VPNs, and broad network trust, modern infrastructure has clearly outgrown the idea that they should remain the primary foundation for security and operational continuity. Today’s environments are simply too dynamic, distributed, and interconnected for those older assumptions to keep scaling effectively.

That’s why more organizations are starting to move toward software-defined perimeter (SDP) approaches built around identity-aware, direct encrypted connectivity instead of exposing broad portions of the network itself. Instead of placing users and systems “on the network” and hoping policies contain access appropriately, the goal becomes far more precise: securely connect users, applications, workloads, databases, and services only to the exact resources they need access to. Nothing more.

That becomes especially important in environments spanning:

  • Hybrid and multi-cloud infrastructure
  • Kubernetes and containerized workloads
  • Windows and Linux systems
  • AI and GPU-driven environments
  • Edge deployments and distributed teams
  • High availability and failover architectures

The organizations adapting most successfully are increasingly recognizing that modern infrastructure requires a far more identity-aware, tightly controlled, infrastructure-agnostic, and operationally flexible approach to trust than the industry relied on twenty years ago.

1 Comment »

Hackers Publish Knicks and Madison Square Garden Data Online 

Posted in Commentary with tags on June 18, 2026 by itnerd

It is being reported that hackers from ShinyHunters have dumped about 45GB of Madison Square Garden Sports data online after a failed extortion attempt, exposing internal “talent” profiles tied to Knicks-related figures and other celebrities, plus customer emails that reference MSG’s use of facial recognition and risk labels.

404 Media has the details here: https://www.404media.co/hackers-publish-knicks-and-madison-square-garden-data-online/

Brian Bell, CEO of FusionAuth, provided the following comments:

“While there will be plenty of commentary on the celebrity names, the most important aspect of the Madison Square Garden breach is the richness of the identity data. The reported inclusion of a customer complaint about MSG’s use of facial recognition is exactly why identity solutions and their data need to be treated as critical infrastructure. Businesses and their customers are only now realizing that protecting identity is about far more than logins and passwords.

A breach like this exposes decisions an organization made about people — who got flagged, who got sorted into which category — that most of them never knew existed. That’s a different kind of harm than a leaked credential. A password can be reset; a customer’s standing with a brand, once it’s public that they were quietly labeled, cannot. The people in the data carry the exposure, and the organization wears the reputational cost of every private decision it’s now shown to have made.

The industry still treats identity as a backend implementation detail when it should be critical infrastructure — the system that governs access, and everything it stores about people. Treat it that way and you govern it differently: how isolated it is, who can reach it, what the blast radius looks like when something fails. The organizations that come through this AI cycle in good shape will be the ones that made that shift before a breach made the decision for them.”

MSG needs to treat this as a today problem. Because frankly it is a today problem and any lesser response will ensure that the victims are fully exploited.

Leave a comment »

« Older Entries