All 10 of Facebook's most popular apps, including Farmville and Texas HoldEm Poker, are among those leaking the unique 'Facebook ID' number to outside firms.
Every Facebook number is individual and assigned to every profile. Searching for the number will provide access to the Facebook user's profile and anyone can view the information a user has chosen to share with 'everyone'. This can include their name, date of birth and even photos.
Farmville, which has 59 million users, also passes this information about a user's friends.
The WSJ said at least 25 firms were being sent the Facebook IDs, which they were using to build profiles of web users, and in some cases, even track their web browsing. It's not known if the developers knew their apps were leaking data.
Millions of Facebook users have been affected, even those that use the social network's strongest privacy settings. It also breaks Facebook's rules concerning privacy, which state app developers can not pass on users' data to outside firms, even if the user has given permission.
Facebook admitted a user's ID "may be inadvertently shared by a user's internet browser or by an application" but it "does not permit access to anyone's private information on Facebook".
Third-party developers are usually responsible for developing the apps. Facebook stopped users accessing several apps thought to have been leaking personal data.
"We have taken immediate action to disable all applications that violate our terms," Facebook said.
The WSJ named RapLeaf as one of the developers using the Facebook IDs in its own database as well as passing them onto to several other firms.
"We didn't do it on purpose," Joel Jewitt, vice president of business development for RapLeaf, told the WSJ.
Facebook said it plans to introduce new technology that will stop the problem.