Facebook just can’t get it together as we learn about another major privacy breach on their platform. This time it was caused by an internal bug that caused any new posts created by 14 million Facebook users to be posted publicly rather than using their default setting.

When posting on Facebook, users have the ability to specify who can see their posts by using a drop down menu where they can select “Public” (anyone), “Friends”, or “Friends and Connections”.  This drop down menu is called the “audience selector” and will retain the setting that you previously used for new posts going forward.

According to CNN, between May 18th and the 22th a bug caused around 14 million people to have their default sharing settings set to “Public” for any new Facebook posts that were created. This means any posts that they made could be read by anyone regardless of their default setting.

Facebook told BleepingComputer that the “error occurred while we were building a new way to share featured items on your profile, like a photo. Since these featured items are public we inadvertently made the suggested audience for all new posts — not just these items — Public.”

After the bug was detected, Facebook engineers spent an additional 5 days resetting any new posts made by these users to the default setting that they had previously been using.

“We recently found a bug that automatically suggested posting publicly when some people were creating their Facebook posts,” said Erin Egan, Facebook’s chief privacy officer. “We have fixed this issue and starting today we are letting everyone affected know and asking them to…

[SOURCE]