Backblaze is a US-based cloud storage and online backup provider that services customers from 175 countries and holds in its storage over 1 Exabyte of data.

Earlier this month a user reported to Backblaze the fact that the B2 web UI looked like it was submitting all of the names and sizes of his files in the B2 bucket to Facebook.

Backblaze has now removed the Facebook tracking code, otherwise known as an advertising pixel. This tracking code was accidentally added to the web UI pages and was accessible only to logged-in customers.

The tracking code was added by mistake when a new Facebook advertising campaign started on On March 8th.

Facebook advertising pixel is usually used on marketing pages, but for this specific campaign, the pixel was configured to run on all platform pages. 

We promptly investigated the matter and, once we were able to identify, verify, and replicate the issue, we removed the offending code from the signed-in pages on March 21.

Our Engineering, Security, and Compliance/Privacy teams—as well as other staff—are continuing to investigate the cause and working on steps to help ensure this doesn’t happen again.


Backblaze has discovered that 9,245 users visited the page at the time the Facebook campaign was active, and whilst the campaign was running, the third-party tracking code collected files and folder metadata like file names, sizes, and also dates, all of which got updated onto Facebook’s servers. 

From the data that Backblaze has at this moment no user files or account information were given to Facebook while the tracking code was active on signed-in pages.

No actual files or file contents were shared at any time. The data that was pulled did not include any user account information.

Backblaze did not intentionally share this data with Facebook, nor did Backblaze receive any form of compensation for it.


British Retailer ‘Fat Face’ Suffers Security Breach

GDPR and Data Breach Risks: An Interview with Bogdan Manolea of ApTI

How Cybercriminals Hack Facebook, Instagram and Snapchat Passwords

Leave a Reply

Your email address will not be published. Required fields are marked *