There's been so many Facebook scandals in the past year that it's hard to keep track. But this latest one is certainly grabbing people's attention.

Facebook has gotten its hands on sensitive personal data that phone owners have given to other apps due to a software tool that shares that data with the social network for ad targeting purposes, according to The Wall Street Journal. While we already knew apps outside of Facebook share data with the company, this new report claimed health and fitness apps are sharing everything from diet and exercise to a user’s ovulation cycle.

Trying to get pregnant? Facebook might know that now. Apps like Flo Health, an ovulation tracker, and companies like Azumio Inc, which make popular heart rate trackers, use a Facebook tool called App Events to share user-submitted data with the social network without explicit consent from the user. This data helps Facebook improve its ad-targeting tools that those app developers use to reach people on Facebook.

In other words, Facebook can collect data submitted by users of a participating health app, match it to its own users, and then it can better label them and improve its ad targeting. This data is sometimes anonymised, but there are markers that allow Facebook to match it with its users. However, Facebook said it tells developers not to share "health, financial information or other categories of sensitive information" with it.

The WSJ claimed it looked at 70 participating apps, most of which were popular iOS 11 apps, and noticed 11 of them shared date with Facebook without notifying users about the data-sharing tool in privacy policies or terms of service. Realtor.com, oddly, was named as one of the apps.

Facebook seems to be washing its hands clean of this scandal, telling the WSJ that developers must make it clear to users what data they're collecting and sharing with Facebook, though it admitted some of the reported information-sharing practices appear to violate its terms. Facebook will now make those apps stop sharing sensitive data and promises to be stricter with developers.

It also claimed it auto-deletes some data it receives, including social security numbers from banking and other financial-related apps.