The newspaper said Monday that the breach also includes users who set all their information to be completely private. And in some cases, it says, the apps provided access to friends' names, according to wire reports.
"The information being transmitted is one of Facebook's basic building blocks: the unique 'Facebook ID' number assigned to every user on the site," the WSJ reported. "Since a Facebook user ID is a public part of any Facebook profile, anyone can use an ID number to look up a person's name, using a standard Web browser, even if that person has set all of his or her Facebook information to be private. For other users, the Facebook ID reveals information they have set to share with 'everyone,' including age, residence, occupation and photos.
The apps reviewed by the Journal were sending Facebook ID numbers to at least 25 advertising and data firms, several of which build profiles of Internet users by tracking their online activities.
A Facebook spokesman told the Journal on Sunday that the company would introduce new technology to contain the breach. It's not clear how long the breach went on.
The paper says Facebook also has taken immediate action to disable all applications that violated their terms. "Press reports have exaggerated the implications of sharing a UID," Facebook said a statement.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.