SAN FRANCISCO — Facebook blamed a software bug on Thursday for publicly revealing the posts of as many as 14 million users, marking the latest privacy headache for the social media giant.

The bug, which was active for ten days in May, changed the default audience on some users' posts to "public" without their consent. That means some Facebook users who thought they were only posting to friends or within the social network could have published posts visible to the public.

The news was first reported by Recode.

Facebook allows people to choose the audience they want to share posts with and allows users to build specific friends lists, letting them publish posts visible by only a subsection of their Facebook network. Facebook users can also select “public” if they want to make a post viewable to anyone on or off Facebook.

Erin Egan, Facebook’s chief privacy officer, said in a statement that Facebook fixed the issue and is notifying every user who was affected so they can review the audiences for posts they published between May 18 and May 27.

“To be clear, this bug did not impact anything people had posted before – and they could still choose their audience just as they always have,” she said.

Facebook said the bug occurred when the company was creating a new way to share featured items on a user’s profile, such as photos. Since featured items are public, the bug inadvertently changed the default audience for new posts to public.

The bug is yet another public relations nightmare for Facebook as the company deals with the fallout from the Cambridge Analytica data harvesting scandal, and why it gave 60 phone manufacturers, including one flagged by U.S. intelligence, access to private user data.

Jo Ling Kent contributed reporting.