It occurred when Facebook was testing a new feature and meant that it accidentally changed a user's privacy settings to public from whatever it was previously, making potentially sensitive status updates viewable from anywhere in the world. The software flaw was apparently live for 10 days last month and the company didn't give users any kind of warning.
Normally, a new post will default to whichever setting was selected for the previous one, but in this case all new messages automatically went to public. That's because the company had promised that the setting users set in their most recent privacy preferences would be maintained for future posts.
Facebook estimates that 14 million users are affected by the glitch, and is notifying them of it.
"We recently found a bug that automatically suggested posting publicly when some people were creating their Facebook posts", said Erin Egan, Facebook's chief privacy officer, in a statement. The social media giant says it stopped the error on May 22, but it was not able to change all the posts back to their original privacy restrictions until May 27.
If the user did not notice the setting had changed, they may have posted something publicly that was not intended for that wider audience. Facebook is now in the process of rolling out new privacy menus to all of its 2 billion users.
Users who were affected by the bug will start receiving a notification on Facebook starting Thursday.
'We'd like to apologize for this mistake, ' she added.
Facebook has been criticized for its tendency to retroactively notify users of security bugs or breaches.
A Facebook booth is seen at the China International Big Data Industry Expo in Guiyang, Guizhou province, China, on May 27, 2018.
It was unclear if users could have done anything to their settings to prevent being affected by the bug the company revealed on Thursday.
Facebook was back in the spotlight in the past few days after the New York Times reported that Facebook had data-sharing contracts with device makers like Apple and Samsung.