It’s been a good week in FarmVille. Your friends helped you build a horse stable and a larger chicken coop, you joined a co-op and now you’re rushing to plant a field with strawberries because — like they say — “everything grows in FarmVille,” even if it is mid-October.

But there are storm clouds on the horizon for users of this real-time simulation game developed by Zynga and available as an game on Facebook. The Wall Street Journal on Monday reported that popular applications (also known as “apps”) and games like FarmVille have been transmitting players’ names — and even their friends’ names — to advertisers and outside companies.

The WSJ story said the top 10 most popular applications have been transmitting personal information about users to internet tracking companies. Worse yet, some have been forwarding a user’s “friends” list to these advertisers. Facebook’s 500 million-plus users all have access to such games and the Journal said this privacy issue affects millions of them who sign up for such online activities. And apparently no one is safe from such disclosure, the WSJ says, even those who go out of their way to set their Facebook settings at the highest privacy level.

This isn’t the first time Facebook has been under fire for the occasional security breach for users’ information. The company was quick to announce Sunday that it is taking steps to limit the exposure of such personal information. Facebook said it was introducing new technology to curtail the problem.

What is being transmitted, according to the Journal article, is the Facebook ID number that is assigned to every user on the site. And since these IDs are a public part of any Facebook profile, anyone can use an ID number to look up someone else’s name — even the names of those who are careful enough to set their Facebook information at the highest privacy levels. For those less concerned about their privacy, the ID provides such details as place of residence, job title, age, gender and even photos.

A Facebook spokesman told the paper that user ID “may be inadvertently shared by a user’s Internet browser or by an application,” adding that knowledge of an ID “does not permit access to anyone’s private information on Facebook.”

When you sign up to use a app or for a game such as Zynga’s FarmVille, they are asked to complete a “Request for Permission” form, which seeks access to your basic information including name, profile picture, gender, networks, user ID, list of friends, and any other information you might have shared with everyone. Once you hit the “allow” button, you could be sharing that information with up to two dozen advertising and data companies, several of which reportedly build profiles of users based on their online activities.

Facebook says it doesn’t allow the 550,000 developers of apps on its site to transfer data about its users to outside companies, even if a Facebook user agrees to this transfer. But the Journal’s findings demonstrate the challenge of policing those rules for the 550,000 apps in use on its site.

The Journal’s findings are the latest challenge for Facebook, which has been criticized in recent years for modifying its privacy rules to expose more of a user’s information. The company says it has disabled thousands of applications at various times for violating its policies. But what’s not known is how many, if any, of those cases involved passing user information to marketing companies.

This past spring, WSJ found that Facebook was transmitting the ID numbers to advertising companies, under some circumstances, when a user clicked on an ad. Facebook subsequently discontinued the practice.