An article by the Wall Street Journal says that social networking sites such as Facebook and Myspace have been sending advertising companies data that could be used to identify the names of users, along with other personal data.
The revelations come despite some companies promising that they do not share such information with advertisers without the consent of users.
According to the paper, most companies it spoke to defended the practice, which involves sending details of user names or Id’s linked to personal profiles which were being viewed when users clicked on adverts.
In recent months social networking sites, especially Facebook, have been under increasing pressure to tighten their security and privacy controls to protect users.
The journal said that by Thursday morning Facebook had “rewritten some of the offending computer code”.
A spokesman for Facebook admitted the company has been passing on data to advertisers that could allow them to tell if a particular Facebook user had clicked on an advert. He said the code identifying users had now been removed.
He said: “We were recently made aware of one case where if a user takes a specific route on the site, advertisers may see that they clicked on their own profile and then clicked on an ad. We fixed this case as soon as we heard about it.”