Beleaguered social media giant Facebook admitted to a new privacy blunder in a statement that said the site accidentally made the posts of over 14 million users public, despite designating the posts to be shared with only a limited number of contacts. The goof-up was pinned to a bug that “automatically” made users’ posts public, which could be viewed by anyone, including those people not logged on to Facebook.

From May 18 to May 27, over 14 million users who had set their posts and statuses visible only to select individuals bore the brunt of this bug. All their posts during that period became easily accessible to anyone on the Internet.



Facebook, however, released a statement saying the issue has been resolved now. “To be clear, this bug did not impact anything people had posted before and they could still choose their audience just as they always have. We’d like to apologize for this mistake,” Facebook Chief Privacy Officer Erin Egan said in the statement.

“We have fixed this issue, and we are letting everyone affected know and asking them to review any posts they made during that time.”

Moreover, the statement said it took Facebook technicians five days to fully restore privacy settings for all the affected posts despite first identifying the bug on May 22.

Starting Thursday, Facebook began pushing out notifications to the 14 million users affected by the bug and also referred them to its privacy basics page.



The bug transpired when Facebook developers were devising a new way to share pictures and other featured items in user profiles. Albeit in the process, the developers inadvertently suggested all new user posts be set to public, rather than just the featured items.

Normally, Facebook allows users to manage who can see their photos, texts, or videos apart from family members, colleagues, or other specially designated contacts. However, the bug revoked all the existing privacy settings of users.

Facebook’s fresh disclosure comes close on the heels of The New York Times report that said Facebook provided personal data for more than 87 million users to political consulting firm Cambridge Analytica in 2016.

“We expect that this kind of on-platform notification is something which people might see more of over the coming months as we try and do more to detect and fix issues before they affect people’s experience,” the statement further read.

SEE ALSO: Google Chrome is removing its ‘Secure’ URL badge