The Journal says when you click on an ad in Facebook, Twitter or MySpace, information is sent to the advertiser showing what URL the user was on when the click occurred. By working backwards, the advertiser can then make a reasonable guess as to who made the click.
So, for instance, if I were to click an ad from my Facebook newsfeed, the url was sent along with the click. By using the ID number, 681713061, it tracks right back to me. (It's true - just try Googling 681713061)
It's not uncommon for website owners and bloggers to examine where their visitors come from but in this case, the action of passing that information onto advertisers -- even inadvertently -- could be a privacy problem, as it violates the websites' own privacy policies.
"Several large advertising companies identified by the Journal as receiving the data, including Google Inc.'s DoubleClick and Yahoo Inc.'s Right Media, said they were unaware of the data being sent to them from the social-networking sites, and said they haven't made use of it." the Journal's Jessica Vascellero said
The flaw also impacted users of Digg, Hi5, Xanga, and LiveJournal. Twitter, it was discovered, passed web addresses and user names of profiles visited when users clicked other links on the profiles.