MySpace has been found to be sharing user data with third parties just days after similar revelations at larger rival Facebook.
As was the case with Facebook, advertisers can potentially link user identification numbers to personal information, according to The Wall Street Journal.
The identity data was usually sent by MySpace when users clicked on advertisements, according to the Journal, which exposed the ad tracking at Facebook, but MySpace advertisers such as Google, Quantcast and Rubicon Project, said they did not use the information.
A MySpace spokesman told CNN that company policy was to share only non-personally identifiable information with ad companies, but the company was dealing with some third-party application developers who had broken the rules, according to US reports.
The Journal said the MySpace leaks are more limited because, unlike Facebook, users are allowed to set up accounts using pseudonyms.
But the paper said the investigation demonstrates how fundamental web technologies can jeopardise user privacy.
When a user clicks on an online ad, several pieces of data are transmitted, including the web address of the page where the user saw the ad, and at both MySpace and Facebook, that web address has included a user ID.