Over a 10-day period in May, a software bug automatically updated 14 million Facebook users' privacy settings from Private to Public, exposing their posts to a wider audience.
Facebook was testing a feature designed to help users share content.
"We recently found a bug that automatically suggested posting publicly when some people were creating their Facebook posts," Facebook Chief Privacy Officer (CPO) Erin Egan said in a statement. "We have fixed this issue and starting today we are letting everyone affected know and asking them to review any posts they made during that time.”
Pete Zaborsky, founder of BestVPN.com, said the bug is “another reminder that users need to take their data-privacy into their own hands to ensure proper security measures.”
Noting Facebook's pledge to notify those users affected, Andrew Proctor, a network engineer at OpenVPN, said: "because Facebook was able to revert all affected posts five days after the bug initially revealed the information, there are no immediate changes needed on your profile."
Egan stressed the “bug did not impact anything people had posted before -- and they could still choose their audience just as they always have."
Proctor warned users to “be vigilant, however, about the information that may have been publicly shared, as it has now most likely been archived by data-mining third parties that actively monitor public Facebook profiles.”
Noting that “we have never really seen a massive bug like this before on social media,” Proctor said, “most users probably had not considered this kind of change to their profiles possible. It's events like these that bring to light the potential vulnerabilities of social mediad and moving forward, users should be extra wary of their profile's sharing settings.”
The bigger issue, Zaborsky said, is “users are still unaware of how much data they're giving up, even when protocol is followed” and that “many don't understand the basic fact that Facebook exists in order to collect and monetize your personal details.”
He called Facebook's attempted reassurance “largely smoke and mirrors; designed to hide the hugely intrusive nature of Facebook itself.”