The cloud storage (opens in new tab) and cloud backup (opens in new tab) provider Backblaze (opens in new tab) has removed Facebook tracking code (also known as an advertising pixel) from its service after it was accidentally added to web UI pages following a recent advertising campaign.
In a privacy update (opens in new tab) on its site, senior director of marketing at the company Yev Pusin provided further insight on what happened, saying:
“We use Google Tag Manager to help deploy key third-party code in a streamlined fashion. The Google Tag Manager implementation includes a Facebook trigger. On March 8, 2021 at 12:39 p.m. Pacific time, a new Facebook campaign was created that started firing a Facebook advertising pixel, intended to only run on marketing web pages. However, it was inadvertently configured to run on signed-in pages.”
- We've built a list of the best cloud storage (opens in new tab) services available
- These are the best portable SSDs (opens in new tab) on the market
- Also check out our roundup of the best external drives (opens in new tab)
Backblaze was first informed of the issue when a user reached out (opens in new tab) to the company on Twitter to inform them that pages on the B2 web UI were sending file names and sizes to Facebook.
Facebook tracking code
Normally Facebook's advertising pixel (opens in new tab) is only used on marketing pages but in this case, the company's campaign was accidentally configured to run on other Backblaze pages including its web UI pages which can only be accessed by users that are logged in.
After investigating the issue further though, Backblaze found that the third-party tracking code was only deployed on its b2_browse-files2.htm web UI page that allows users to browse their B2 Cloud Storage (opens in new tab) files. The company also discovered that 9,245 users had visited the page between March 8 and 21 while the Facebook campaign was active.
During the campaign, the third-party tracking code collected loads of file and folder metadata (opens in new tab) including file names, sizes and dates which was then uploaded to Facebook's servers. Thankfully though, this only happened to customers who clicked to preview file information while browsing through the files saved in their B2 Cloud Storage.
Backblaze plans to inform customers affected by the issue and going forward, the company will be carefully reviewing applicable third-party code on its website.
- We've also highlighted the best flash drives (opens in new tab)
Via BleepingComputer (opens in new tab)