About 14 million Facebook users who thought they were posting a message just to friends or smaller groups may have actually been sharing it widely with the general public due to a software bug, the company said Thursday.
A Facebook user's post typically defaults to a preselected privacy setting. However, a bug that was active from May 18 to May 27 changed posts to automatically be public.
The posts were clearly marked as public, but users who were used to their privacy settings could have easily overlooked the public designation.
The company said it went back and recategorized the affected posts to the user's default setting before the bug, and the problem has been fixed. In addition, Facebook will notify the 14 million users who could have been affected starting Thursday with an alert in their notifications.
"Starting today we are letting everyone affected know and asking them to review any posts they made during that time," chief privacy officer Erin Egan said in a statement.
"We'd like to apologize for this mistake," Egan said.
It's another misstep in Facebook's ongoing data privacy issues, spurred by revelations of a data leak that affected as many as 87 million users.
The issue resulted from Facebook's efforts to allow users to highlight items on their profiles, such as photos, the company said. The featured items defaulted to public settings, which inadvertently made all posts by the user during the affected time period also default to public.
— CNBC's Michelle Castillo contributed to this report.
Correction: An earlier version of the headline on thispost misstated the nature of the bug. The bug turned the suggested sharing setting for new posts to 'public' even if the last post the user had made was private, a change in behavior that could have confused users into sharing with more people than they intended. No previously private posts were made public.