Meta Exposed Data Internally From Its Controversial Employee-Tracking Program
Meta Exposed Data Internally From Its Controversial Employee-Tracking Program
Meta 内部泄露了其备受争议的员工追踪项目数据
Meta left potentially sensitive information collected from employee laptops accessible to anyone inside the company, according to an internal security notice seen by WIRED and three current employees familiar with the issue. 根据《连线》(WIRED)看到的一份内部安全通知以及三名知情的现任员工透露,Meta 将从员工笔记本电脑上收集的潜在敏感信息,置于公司内部任何人均可访问的状态。
The data, which was collected as part of a divisive initiative to train artificial intelligence models, is believed to include keystrokes, mouseclicks, and content displayed on the computer screens of Meta’s US employees. 这些数据是作为一项旨在训练人工智能模型的争议性计划的一部分而收集的,据信包括 Meta 美国员工的键盘敲击记录、鼠标点击记录以及电脑屏幕上显示的内容。
Meta spokesperson Tracy Clayton initially confirmed to WIRED that the company is investigating the security issue. As this story was being published, he added that Meta is pausing the data collection program indefinitely. “We have carefully designed this program with privacy safeguards and while we have no indication at this time that any data was improperly accessed by Meta employees, we’re pausing it while we investigate,” Clayton says. Meta 发言人特雷西·克莱顿(Tracy Clayton)最初向《连线》证实,公司正在调查这一安全问题。在本文发布时,他补充称 Meta 将无限期暂停该数据收集项目。克莱顿表示:“我们精心设计了该项目并配备了隐私保护措施,虽然目前没有迹象表明任何数据被 Meta 员工不当访问,但我们在调查期间将暂停该项目。”
The security notice sent out Monday indicated that “employee data across 45,000 hive tables,” had been exposed. Those tables included employee activity such as “full prompts and transcriptions, private conversations, people and performance data,” according to documents viewed by WIRED. 周一发出的安全通知显示,“跨越 45,000 个 Hive 表的员工数据”已遭到泄露。根据《连线》查阅的文件,这些表格包含了员工的活动记录,例如“完整的提示词和转录内容、私人对话、人员及绩效数据”。
Some employees at Meta quickly seized on the security failure, saying in internal forums that it validated concerns they had raised when the company began tracking workers’ corporate laptops in April as part of a program known as the Model Capability Initiative. Meta 的一些员工迅速抓住了这次安全失误,并在内部论坛上表示,这证实了他们之前的担忧。此前,公司于 4 月开始通过一项名为“模型能力倡议”(Model Capability Initiative)的计划追踪员工的办公笔记本电脑。
Comments about the incident posted on internal forums Monday included questions about how Meta’s privacy reviews failed to prevent the breach, and whether everyone whose data was potentially exposed will be allowed to attend a meeting going over what went wrong, according to posts seen by WIRED. 根据《连线》看到的帖子,周一在内部论坛上发布的关于此事件的评论中,包括了对 Meta 的隐私审查为何未能阻止此次泄露的质疑,以及所有数据可能被泄露的员工是否会被允许参加关于事故原因的说明会。
In one internal forum where staffers are known to trade jokes, an employee posted a meme from The Office of the character Jim Halpert holding a sign that reads, “0 days since our last nonsense.” 在一个员工们常用来开玩笑的内部论坛上,一名员工发布了一张美剧《办公室》(The Office)的表情包,图中角色吉姆·哈珀特(Jim Halpert)举着一块牌子,上面写着:“距离我们上次胡闹已经 0 天了。”
Sources at Meta, who were not authorized to speak publicly, tell WIRED the incident has now been marked as closed, meaning it was likely resolved. Meta 内部未获授权公开发言的消息人士告诉《连线》,该事件目前已被标记为“已关闭”,这意味着问题很可能已经得到解决。
In an internal post responding to employees’ questions on Monday seen by WIRED, Andrew Bosworth, Meta’s chief technology officer, said that the tracking program’s implementation had fallen short of the standards outlined in its privacy review and that findings from the incident would be shared. “Here we had misconfigured ACLs [access control lists] and we need to understand how that happened, track down every data access and understand it,” Bosworth wrote. 在《连线》看到的一篇周一回应员工提问的内部帖子中,Meta 首席技术官安德鲁·博斯沃思(Andrew Bosworth)表示,该追踪项目的实施未达到其隐私审查中概述的标准,并将分享此次事件的调查结果。博斯沃思写道:“这里出现了访问控制列表(ACL)配置错误,我们需要了解这是如何发生的,追踪每一次数据访问并弄清情况。”
A couple of months ago, Bosworth told employees concerned about potential data leaks that the tracking program is “tightly controlled” and uses the same protection standards, storage systems, and access controls as other sensitive datasets, according to internal posts seen by WIRED. 根据《连线》看到的内部帖子,几个月前,博斯沃思曾告诉担心潜在数据泄露的员工,该追踪项目受到“严格控制”,并使用与其他敏感数据集相同的保护标准、存储系统和访问控制。
Last month, more than 1,600 employees at the tech giant signed an internal petition protesting the laptop surveillance effort, warning that “collecting this data introduces both security and regulatory risks for Meta, including the potential for breaches and unauthorized disclosure.” The petitioners also expressed concerns with what they viewed as a lack of safeguards that Meta had put in place. One engineer also wrote a widely shared internal note saying having their laptop screen scraped for training data without their consent felt like an invasion of privacy and amounted to exploitation. 上个月,这家科技巨头的 1,600 多名员工签署了一份内部请愿书,抗议笔记本电脑监控行为,警告称“收集这些数据会给 Meta 带来安全和监管风险,包括潜在的泄露和未经授权的披露”。请愿者还对他们认为 Meta 缺乏足够的保护措施表示担忧。一名工程师还写了一份被广泛传阅的内部备忘录,称在未经同意的情况下抓取其笔记本电脑屏幕作为训练数据,感觉像是侵犯隐私,等同于剥削。
Meta executives have previously defended the data-gathering project, saying it was necessary to train AI systems to use computer software the way humans do. In audio of a company meeting leaked last month, Mark Zuckerberg, Meta’s CEO, told employees that “AI models learn from watching really smart people do things,” and the “average intelligence of the people who are at this company is significantly higher” than the average contractor who could be hired specifically to produce this kind of data. Meta 高管此前曾为该数据收集项目辩护,称为了训练人工智能系统像人类一样使用计算机软件,这是必要的。在上个月泄露的一段公司会议录音中,Meta 首席执行官马克·扎克伯格(Mark Zuckerberg)告诉员工,“人工智能模型通过观察真正聪明的人做事来学习”,而“这家公司员工的平均智力水平”远高于专门雇佣来产生此类数据的普通外包人员。
But after widespread protest from employees, Meta this month began offering more exemptions to the monitoring, including letting staffers briefly turn off the surveillance so they could complete sensitive tasks, such as scheduling a personal appointment, according to two people familiar with the matter. Some employees are still demanding that the tracking be stopped altogether. 但据两名知情人士透露,在员工的广泛抗议后,Meta 本月开始提供更多的监控豁免,包括允许员工短暂关闭监控,以便他们完成敏感任务,例如安排个人预约。一些员工仍要求彻底停止这种追踪。
Meta faces more regulatory scrutiny about data security than most companies. It is subject to a US Federal Trade Commission consent decree that expires in 2040 requiring it maintain processes to avoid breaches. But current and former employees have told WIRED that the requirements are inadequate and outdated. Meta also has also begun offloading some work reviewing programs and features for potential privacy and security risks to artificial intelligence. It wasn’t immediately clear whether AI played a role in the access control issue with the MCI data. Meta 面临的数据安全监管审查比大多数公司都要多。它受美国联邦贸易委员会(FTC)的一项同意令约束,该法令将于 2040 年到期,要求其维持相关流程以避免泄露。但现任和前任员工告诉《连线》,这些要求既不充分也已过时。Meta 还开始将部分审查程序和功能是否存在潜在隐私及安全风险的工作交给人工智能处理。目前尚不清楚人工智能是否在 MCI 数据访问控制问题中发挥了作用。
The security incident will likely contribute to the ongoing morale crisis at Meta, where employees have been frustrated by the past few years of mass layoffs, a turbulent reorganization, and an all-out push to develop AI models and features. In March, Meta created a new Applied AI team and moved some 6,500 employees into new roles focused on improving AI models. Some Meta staffers have described the projects they have been assigned as menial and “soul-crushing.” 此次安全事件可能会加剧 Meta 目前的士气危机。过去几年里,大规模裁员、动荡的重组以及全力开发人工智能模型和功能的压力,让员工感到沮丧。今年 3 月,Meta 成立了一个新的应用人工智能团队,并将约 6,500 名员工调入专注于改进人工智能模型的新岗位。一些 Meta 员工形容他们被分配的项目是琐碎且“令人心碎”的。
Bosworth sent out a memo to employees last week apologizing for the company’s “atrocious” communication about the AI reorganization and promising improvements, including clearer communication and the return of some office perks. 博斯沃思上周向员工发送了一份备忘录,为公司在人工智能重组方面“糟糕”的沟通道歉,并承诺进行改进,包括更清晰的沟通以及恢复部分办公室福利。
Update 6:25 EDT, 6/22/2026: This story was updated with clarification from the Meta spokesperson and additional context. 更新(美国东部时间 2026 年 6 月 22 日 6:25):本文已根据 Meta 发言人的澄清和额外背景信息进行了更新。