clock menu more-arrow no yes mobile

Facebook’s latest privacy blunder, explained (again!)

A software bug messed with privacy settings for 14 million users, so here’s what you need to know.

Facebook CEO Mark Zuckerberg
Facebook CEO Mark Zuckerberg
Josh Edelson / AFP / Getty Images

Facebook’s year of privacy blunders got worse on Thursday when it was announced that as many as 14 million Facebook users, who thought they were posting items they only wanted their friends or smaller groups to see, may have unknowingly posted that content publicly.

The obvious question: How does that happen? And what does this mean for Facebook — which has already been responsible for a series of privacy blunders this year — and its users? So, here are some answers.

What happened?

Facebook is blaming a software bug for automatically changing an important privacy setting which determines who can see new posts from users. That setting is ”sticky,” which means it stays consistent from post to post unless it’s manually changed. So, if you share a post exclusively with your Facebook “friends,” all future posts will appear for that same group unless the setting is updated by you. Facebook said that software glitch changed that setting to “public” for 14 million users without any warning. Thus, people posting under the impression they were sharing with a smaller group of users may have unknowingly shared with everyone.

Why does it matter?

One of Facebook’s key promises to users is that they control who can see their content. A bug like this obviously undermines that promise and also erodes user trust, which was already a major issue given Facebook’s Cambridge Analytica privacy debacle.

This is the notification Facebook sent to affected users.

Why does this privacy stuff keep happening?

It seems as though there is one of these avoidable mistakes weekly, right? And it’s likely this won’t be the last privacy issue from Facebook this year, partly because the social network is under a microscope right now and any privacy snafus feel particularly troubling. But it’s also because your data is part of virtually every element of Facebook’s product — from profiles to private messages to targeted advertising. So when things go wrong, your privacy is usually involved.

Could this cause legal trouble for Facebook?

The FTC confirmed in March that it was investigating Facebook following the Cambridge Analytica privacy scandal earlier this year. That investigation is focused on whether or not Facebook violated a previously agreed-upon consent decree with the FTC, in which the company promised to create and uphold stricter privacy policies and controls. It doesn’t feel as though this new bug would trigger any concerns that Cambridge Analytica didn’t already surface. That said, consumers file lawsuits against companies all the time and it’s possible that a user who was impacted by this could sue Facebook.

What’s Facebook saying?

Here’s the company’s full statement, which it attributed to Chief Privacy Officer Erin Egan:

We recently found a bug that automatically suggested posting publicly when some people were creating their Facebook posts. We have fixed this issue and starting today we are letting everyone affected know and asking them to review any posts they made during that time. To be clear, this bug did not impact anything people had posted before — and they could still choose their audience just as they always have. We’d like to apologize for this mistake.”

(We asked to interview Egan, but didn’t hear back.)

Is there any silver lining here?

You have to look pretty hard, but the fact that Facebook proactively alerted press and users to the issue before letting it come out some other way is, arguably, a good sign. Still, that is a very low bar these days when it comes to Facebook.

Do I need to do anything as a result?

The bug is fixed, and Facebook will alert you via a notification in News Feed if you were impacted. It’s still a good opportunity to review your own sharing settings. Visit “Settings,” then click on “Privacy” and look at the section that says, “Who can see your future posts?” This is where you can set a default privacy setting for the things you share going forward.

This article originally appeared on