Uncovering and explaining how our digital world is changing — and changing us.

After a year of troubling mishaps on its massive social platform, Facebook has landed itself in yet another self-inflicted privacy debacle.

As many as 14 million Facebook users who thought they were posting items they only wanted their friends or smaller groups to see may have been posting that content publicly, the company said Thursday.

According to Facebook, a software bug — which was live for 10 days in May — updated the audience for some users’ posts to “public” without any warning. Facebook typically lets users select the audiences who get to see posts; that setting is “sticky,” which means it remains the default until it is manually updated.

Facebook was unclear about how many of the 14 million people may have posted to friends without realizing they were sharing that information to a much broader public audience. The company said it will begin to alert people who were impacted immediately.

Obviously, given Facebook’s rocky year of mismanagement of its platform, it’s both a public relations and operational disaster.

It is also unclear how widespread the problem is. It is not known, for example, how many of those 14 million people shared something publicly they didn’t want public, or how many may have noticed the settings change before publishing in the first place.

What is entirely clear is that Facebook has lost all benefit of the doubt in recent months and has lost trust with the media and regulators. And also, it seems inevitable its users, since knowing who sees your posts is an important part of feeling safe on the huge social networking platform. So, even if this is a minor software bug, this latest snafu cuts at a core part of Facebook’s pitch to consumers — that they have control over who sees posts.

“We’d like to apologize for this mistake,” Erin Egan, Facebook’s chief privacy officer, said in a statement.

Sign up for the newsletter Recode Daily Email (required) By signing up, you agree to our Privacy Notice and European users agree to the data transfer policy. Subscribe