Facebook and Twitter has confirmed the data of "hundreds of users" has been exposed through a Google Play Store bug.
The companies were notified of the issue - which affects Android users - by third-party security researchers which discovered a development kit called One Audience gave outside developers access to personal details, including email addresses and email addresses.
A Facebook spokesperson told The Verge: "After investigating, we removed the apps from our platform for violating our platform policies and issued cease and desist letters against One Audience and Mobiburn.
"We plan to notify people whose information we believe was likely shared after they had granted these apps permission to access their profile information like name, email and gender.
"We encourage people to be cautious when choosing which third-party apps are granted access to their social media accounts."
Twitter detailed the issue in a blog post this week, and explained the problem "is not due to a vulnerability in Twitter's software, but rather the lack of isolation between SDKs [software development kits] within an application".
The social media platform has notified Google and Apple of the vulnerability, while it should be noted there is no indication that iOS users have been impacted.