Facebook announced today that a software glitch mistakenly made 14 million users’ posts public over a period of 10 days in May, even if the users had intended those posts to be private.

During the period, any post an affected user published on Facebook would have automatically been posted publicly. The bug affected Facebook posts between May 18 and 27; although Facebook fixed the error on May 22, it took five days to reverse the problem for all affected posts. Typically, the social network assigns new posts the same privacy setting as the user’s most recent post, unless otherwise instructed.

Facebook said that it was today beginning to notify affected users. Anyone whose posts were mistakenly made public will see a notification on their Facebook account—both the mobile app and website—entitled ”Please Review Your Posts.” The affected users will then be shown which posts were marked public during the glitch.

The incident is another blow for the social network, which has been under heavy scrutiny for historically lax privacy policies that resulted in 87 million users’ private data falling into the hands of Cambridge Analytica without their consent.