This cloud storage giant was accidentally sharing a bunch of data with Facebook

(Image credit: Backblaze)

The cloud storage and cloud backup provider Backblaze has removed Facebook tracking code (also known as an advertising pixel) from its service after it was accidentally added to web UI pages following a recent advertising campaign.

In a privacy update on its site, senior director of marketing at the company Yev Pusin provided further insight on what happened, saying:

“We use Google Tag Manager to help deploy key third-party code in a streamlined fashion. The Google Tag Manager implementation includes a Facebook trigger. On March 8, 2021 at 12:39 p.m. Pacific time, a new Facebook campaign was created that started firing a Facebook advertising pixel, intended to only run on marketing web pages. However, it was inadvertently configured to run on signed-in pages.”

Backblaze was first informed of the issue when a user reached out to the company on Twitter to inform them that pages on the B2 web UI were sending file names and sizes to Facebook.

Facebook tracking code

Normally Facebook's advertising pixel is only used on marketing pages but in this case, the company's campaign was accidentally configured to run on other Backblaze pages including its web UI pages which can only be accessed by users that are logged in.

After investigating the issue further though, Backblaze found that the third-party tracking code was only deployed on its b2_browse-files2.htm web UI page that allows users to browse their B2 Cloud Storage files. The company also discovered that 9,245 users had visited the page between March 8 and 21 while the Facebook campaign was active.

During the campaign, the third-party tracking code collected loads of file and folder metadata including file names, sizes and dates which was then uploaded to Facebook's servers. Thankfully though, this only happened to customers who clicked to preview file information while browsing through the files saved in their B2 Cloud Storage.

Backblaze plans to inform customers affected by the issue and going forward, the company will be carefully reviewing applicable third-party code on its website.

Via BleepingComputer

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.