Facebook has been sharing the contents of users' private messages with other companies on a scale far beyond what it has publicly admitted, according to leaked internal documents.

An investigation by the New York Times found that the social network gave more than 150 outside firms access to personal details such as email addresses and private messages.

In one case, the newspaper alleged, it did so without securing its users' consent, and in some cases it shared data in ways which it had publicly claimed it would no longer allow after the Cambridge Analytica scandal.

Among the companies that accessed information was Yandex, a Russian search engine which has been accused by the security service of Ukraine of sharing its users' data with the Russian government.

The report suggests that Facebook has continued some of the practices that led to the Cambridge Analytica scandal, and calls into question Mark Zuckerberg's claim before the US Congress in April that Facebook users have "complete control" over their data.

It also reveals the number of companies that have been drinking deeply from the well of Facebook's user data, including companies which have previously criticised Facebook for failing to protect users' privacy.

Responding to the allegations, Steve Satterfield, Facebook's director of privacy, said: "Facebook's partners don't get to ignore people's privacy settings, and it's wrong to suggest that they do.