A number of leading Facebook applications – including some of its most popular games – have been identified as transmitting users' identities to third-party firms.
In most cases this has seemingly been done without the developers' knowledge, but Facebook this weekend shut down apps identified as deliberately sharing information (including a number by VC-backed startup LOLapps Media).
An investigation by The Wall Street Journal found that games such as Zynga's FarmVille and Texas HoldEm Poker were apparently inadvertently making players' Facebook IDs – from which real names can be easily established – to data-mining and advertising companies.
In some cases (again including FarmVille), the identity of users' friends was also shared. "Zynga has a strict policy of not passing personally identifiable information to any third parties," claimed a spokeswoman. "We look forward to working with Facebook to refine how web technologies work to keep people in control of their information."
The WSJ outed a data firm known as RapLeaf as selling on a database of users which included those extrapolated from leaked Facebook IDs. It was also found to be transmitting user IDs to a dozen more marketing organisations, which it claimed was unintentional.
Facebook confirmed it would be taking steps to prevent this from continuing, as well as shutting down any further apps found to be deliberately transmitting information.
The company also claimed that knowledge of user IDs doesn't entail access to anything other than real names, but pledged to tighten its systems in response to the findings.
"This is an even more complicated technical challenge than a similar issue we successfully addressed last spring on Facebook.com," said a spokesman, "but one that we are committed to addressing."
The social network has been subject to significant scrutiny over its privacy systems, and in June this year was forced to overhaul its security controls in response to widespread user concern and confusion over what details were being made public.