Facebook has admitted to an incredibly embarrassing bug -- one that encouraged 14 million users to share posts publicly when they intended them to be private.
According to Facebook, only four days worth of posts could have been accidentally shared -- ones published between May 18 and May 22, and the company has automatically changed them back to private, too. Your secrets are safe -- unless someone saw them, of course.
Facebook says it didn't make the posts private again until May 27, so it's possible that mere acquaintances could have seen sensitive info during that nine-day span. Affected users will see a "Please review your posts" pop-up in their Facebook feed so they can review what private details they might have accidentally leaked.
Here's the full statement from Facebook Chief Privacy Officer Erin Egan:
"We recently found a bug that automatically suggested posting publicly when some people were creating their Facebook posts. We have fixed this issue and starting today we are letting everyone affected know and asking them to review any posts they made during that time. To be clear, this bug did not impact anything people had posted before – and they could still choose their audience just as they always have. We'd like to apologize for this mistake."
How did this happen? The company says it was testing out a new feature, one that would suggest people share featured profile items publicly. But Facebook accidentally set "public" as the default for posts, too. If you shared a post to Facebook during that period, and didn't notice that your default sharing setting had changed, you would have broadcast it out to the world.
At a time when trust in Facebook is rather low, it's terrible timing for the company to have an error like this -- and pretty incredible to see that the metaphorical flip of a switch could lead to so many people's privacy settings changing, even temporarily.
Originally published June 7 at 1:59 p.m. PT.
Update, 4:58 p.m. PT: Clarified that the Facebook bug didn't make existing private posts public, but rather changed the default sharing setting for new posts to public rather than private, which could (and did) broadcast some posts that were meant to be private.
Disclosure: Sean Hollister's wife works for Facebook as an internal video producer.