Security News > 2021 > March > BackBlaze mistakenly shared backup metadata with Facebook
Backblaze has removed Facebook tracking code accidentally added to web UI pages only accessible to logged-in customers.
Backblaze discovered the issue after receiving user reports on March 21 that pages on the B2 web UI were sending file names and sizes to Facebook.
While the Facebook advertising pixel used in such campaigns is ordinarily used only on marketing pages, this campaign was accidentally configured to run on all platform pages, including web UI pages only accessible to logged-in users.
Htm web UI page, which allows users to browse their B2 Cloud Storage files as Backblaze found after investigating the incident.
While the campaign ran, the third-party tracking code collected file and folder metadata such as file names, sizes, and dates and uploaded it to Facebook's servers.
"No actual files or file contents were shared at any time. The data that was pulled did not include any user account information," he said.