This cloud storage giant was accidentally sharing a bunch of data with Facebook

Backblaze
(Image credit: Backblaze)

The cloud storage (opens in new tab) and cloud backup (opens in new tab) provider Backblaze (opens in new tab) has removed Facebook tracking code (also known as an advertising pixel) from its service after it was accidentally added to web UI pages following a recent advertising campaign.

In a privacy update (opens in new tab) on its site, senior director of marketing at the company Yev Pusin provided further insight on what happened, saying:

“We use Google Tag Manager to help deploy key third-party code in a streamlined fashion. The Google Tag Manager implementation includes a Facebook trigger. On March 8, 2021 at 12:39 p.m. Pacific time, a new Facebook campaign was created that started firing a Facebook advertising pixel, intended to only run on marketing web pages. However, it was inadvertently configured to run on signed-in pages.”

Backblaze was first informed of the issue when a user reached out (opens in new tab) to the company on Twitter to inform them that pages on the B2 web UI were sending file names and sizes to Facebook.

Facebook tracking code

Normally Facebook's advertising pixel (opens in new tab) is only used on marketing pages but in this case, the company's campaign was accidentally configured to run on other Backblaze pages including its web UI pages which can only be accessed by users that are logged in.

After investigating the issue further though, Backblaze found that the third-party tracking code was only deployed on its b2_browse-files2.htm web UI page that allows users to browse their B2 Cloud Storage (opens in new tab) files. The company also discovered that 9,245 users had visited the page between March 8 and 21 while the Facebook campaign was active.

During the campaign, the third-party tracking code collected loads of file and folder metadata (opens in new tab) including file names, sizes and dates which was then uploaded to Facebook's servers. Thankfully though, this only happened to customers who clicked to preview file information while browsing through the files saved in their B2 Cloud Storage.

Backblaze plans to inform customers affected by the issue and going forward, the company will be carefully reviewing applicable third-party code on its website.

Via BleepingComputer (opens in new tab)

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.