Facebook said a software bug led some users to post publicly by default regardless of their previous settings. The bug affected as many as 14 million users over several days in May.
The problem, which Facebook said it has fixed, is the latest privacy scandal for the world’s largest social media company.
The glitch set a user’s post to be shared to “everyone”, even if a user had previously chosen a more restricted option, such as “friends of friends”.
“We’d like to apologise for this mistake,” said Erin Egan, Facebook’s head of privacy.
Users who may have been affected will be notified on the site’s newsfeed.
“We recently found a bug that automatically suggested posting publicly when some people were creating their Facebook posts,” Ms Egan said.
“We have fixed this issue and starting today we are letting everyone affected know and asking them to review any posts they made during that time.
“To be clear, this bug did not impact anything people had posted before – and they could still choose their audience just as they always have. We’d like to apologise for this mistake.”
The glitch was active between 18 and 22 May, a spokeswoman added, but it took the site until 27 May to switch posts back to private – or whatever the user had typically used before the bug became apparent.
The news follows recent furore over Facebook’s sharing of user data with device makers, including China’s Huawei. The company is also still recovering from the Cambridge Analytica scandal, in which a Trump-affiliated data-mining firm got access to the personal data of as many as 87 million Facebook users.
TechCrunch’s Josh Constine reports that the bug occurred as Facebook was testing a new “featured items” section of people’s profiles that would be visible to the public, even if the rest of their profiles were private. In the process, Constine writes, “Facebook inadvertently extended that setting to all new posts from those users.”
Facebook users should monitor their privacy settings regularly as it seems accidents do happen.