The details emerged in a case brought by Privacy International, looking at the legality of mass data collection.
It said it was concerned that the information could have been shared with foreign governments and corporate partners.
The body which oversees UK surveillance did not know that highly sensitive data was being shared, it emerged.
Facebook said it did not provide “any government with access to people’s data”.
The long-running legal case was brought by Privacy International, following revelations in March 2015 that the intelligence agencies were collecting not only targeted data on specific suspects but also information from the general public.
The details were revealed in an Intelligence and Security Committee report which, although heavily redacted, stated that so-called bulk personal datasets (BPDs) vary in size from hundreds to millions of records.
According to Privacy International, it is the first time that the type of data being collected has been made public, although it is still not clear how much data is collected.
“We don’t know whether it is intercepted or given to it by the companies,” Millie Graham Wood, a solicitor at Privacy International, told the BBC.
Facebook said that it did not provide “back doors” and that it scrutinized “each government request for user data”.
Meanwhile, in a blog post from 2016, Twitter said that it “prohibits developers using the public APIs and… data products from allowing law enforcement – or any other entity – to use Twitter data for surveillance purposes.”
The Investigatory Powers Commissioner’s Office (IPCO), which oversees the UK’s surveillance regime, has raised concerns over the role of these private contractors.In letters shared with PI, it said that there are “no safeguards” in place to prevent the misuse of the systems by third parties.
Ms Graham Wood said: “After all this time, just before the court hearing we learn not only are safeguards for sharing our sensitive data non-existent, but the government has databases with our social media information and is potentially sharing access to this information with foreign governments.