Facebook Bug May Have Made 14 Million Users’ Posts Public

The latest Facebook privacy blunder is a bug that changed settings on some accounts, automatically suggesting that their updates be posted publicly, even though users had previously set their updates as “private”.

On Thursday, Facebook asked 14 million users to review posts made between 18 May and 22 May: that’s when the bug was changing account settings. Not all of the 14 million users affected by the bug necessarily had their information publicly, mistakenly shared, but best to check.

Facebook Chief Privacy Officer Erin Egan said in a post that as of Thursday, the company had started letting those 14 million people know about the situation. She stressed that the bug didn’t affect anything people had posted before that time, and even then, they could still have chosen their audience like they always have.

Normally, the audience selector is supposed to be sticky: every time you share something, you get to choose who sees it, and the suggestion is supposed to be based on who you shared stuff with the last time you posted. Friends only? Fine, that’s what should be automatically suggested for the next post, and the one after that, until you change it… or a weird little glitch like this pops up.

Egan said that the bug popped up as Facebook was building a new way to share featured items on profiles, like a photo for example. Featured items are automatically set to “public,” so the suggested audience for all new posts – not just these items – was also set to public, she said.

The glitch is now fixed. Facebook also changed the sharing audience back to what affected people had been using before. Facebook’s letting people know, and asking them to doublecheck the fix, “out of an abundance of caution,” Egan said.

You’ll know if you’re one of the 14 million if, when you log in, you see a notification that leads to a page with more information, including a review of posts during the 18-22 May period.

When people post to Facebook, the service suggests a default distribution for their posts based on past privacy settings. If someone made all posts "friends only" in the past, it will set their next post to "friends only" as well. People can still manually change the privacy level of the posts — anywhere from "public" to "only me" — and this was the case while the bug was active as well.