Thirty-seven "profoundly concerned" U.S. state and territory attorneys general fired off a letter to Facebook CEO Mark Zuckerberg on Monday, demanding answers over reports that personal user information from Facebook profiles was provided to third parties without the users' knowledge or consent.

"Most recently, we have learned from news reports that the business practices within the social media world have evolved to give multiple software developers access to personal information of Facebook users. These reports raise serious questions regarding consumer privacy"

The letter notes the 50 million Facebook profiles which may have been "misused and misappropriated by third-party software developers," noting that Facebook "took as much as 30%" of payments made through applications used by Facebook users.

"According to these reports, Facebook’s previous policies allowed developers to access the personal data of “friends” of people who used applications on the platform, without the knowledge or express consent of those “friends.” It has also been reported that while providing other developers access to personal Facebook user data, Facebook took as much as thirty (30) percent of payments made through the developers’ applications by Facebook users."

In other words - while a Facebook user may have agreed in the fine print to allowing the social media giant to hoover up their information - their "friends" did not.

"These revelations raise many serious questions concerning Facebook’s policies and practices" reads the letter, which asks "were those terms of service clear and understandable, or buried in boilerplate where few users would even read them?"

The Attorneys General also want to know;

How did Facebook monitor what these developers did with all the data they collected?

What type of controls did Facebook have over the data given to developers?

Did Facebook have protective safeguards in place, including audits, to ensure developers were not misusing the Facebook user's data?

How many users in our respective states were impacted?

When did Facebook learn of this breach of privacy protections?

During this timeframe, what other third party "research" applications were also able to access the data of unsuspecting Facebook users?

Moreover, the letter requests an update from Facebook as to how the company plans to allow users to more easily control the privacy of their accounts, noting that "Even with the changes Facebook has made in recent years, many users still do not know that their profile—and personal data—is available to third-party vendors. Facebook has made promises about users’ privacy in the past, and we need to know that users can trust Facebook. With the information we have now, our trust has been broken."

We look forward to Facebook's response. As the Attorneys General note in their letter - "Users of Facebook deserve to know the answers to these questions and more."