Facebook Blows It Again By Exposing 14 Million Private User's Posts Via A Settings Bug

When Facebook CEO Mark Zuckerberg recently testified before Congress, one of the common criticisms by multiple elected officials is that the social network has a history of screwing up in various ways, and then later apologizing and promising to do better. That's also what happened with the Cambridge Analytica scandal that prompted the testimony. Now just weeks later, Facebook is apologizing once again, this time for a bug that changed the default settings for millions of users, causing them to publicly share posts that they may have thought were private.

"We recently found a bug that automatically suggested posting publicly when some people were creating their Facebook posts. We’d like to apologize for this mistake," Erin Egan, Facebook’s chief privacy officer, said in a statement. "We have fixed this issue, and starting today we are letting everyone affected know and are asking them to review any posts they made during that time."

Facebook Bug

Facebook did not get into too many detailed specifics about the software bug, saying that it was a "mistake" and that it affected 14 million users, a large number in and of itself but a small portion of Facebook's more than 2 billion monthly active accounts. It occurred while Facebook was testing a new feature of some sort, and affected millions of users over the course of several days, spanning May 18 to May 22 of this year. On May 27, Facebook went back and changed the affected posts from public back to private.

A key privacy feature of Facebook is that it allows users to choose an audience for their posts. For example, a user could choose to share a vacation photo with a select group of friends or family members, or talk about a customer service experience in a public post for everyone to see, including people who are not logged into Facebook.

When a user chooses a privacy setting, it becomes the default for future posts, or at least that is how it's supposed to work. However, the software bug messed with the default setting and changed it to public for 14 million users.

"This bug occurred as we were building a new way to share featured items on your profile, like a photo. Since these featured items are public, the suggested audience for all new posts—not just these items—was set to public. The problem has been fixed, and for anyone affected, we changed the audience back to what they’d been using before," Egan added.

The incident is a reminder that only so much trust can handed over to Facebook. Some of the culpability here falls on any of the 14 million affected users who publicly posted content they assumed was private, as they still could have done so by double-checking the default setting and changing it back themselves. That said, this incident is another bad look for Facebook and its mission to respect its users' privacy.