If you didn’t think this year could possibly get any worse for Facebook, it just proved you wrong. Adding to a slew of privacy concerns, the beleaguered social giant informed more than 14 million users today that a bug in its system inadvertently set their new posts to public.
Facebook said the bug was active starting May 18. It took four days to fix the error, but posts weren’t reverted back to their respective privacy settings until May 27.
Here are all the details on Facebook’s new privacy scandal:
— Josh Constine 📶🔥 (@JoshConstine) June 7, 2018
-A bug changed that status composer default to public for 14M users
-Bug is fixed, but was active May 18-27
-Fb is notifying affected users with this prompt to review statuses from thenhttps://t.co/qUaTgNGaAi pic.twitter.com/BeqZawVQTM
The privacy settings dictating who sees your Facebook post are typically set by your past actions. If you set uploaded photos to only be seen by your friends, then the next photo you upload will automatically default to the same selection. Similarly, if you choose “only me” on several consecutive posts, that privacy setting will eventually become the default since Facebook assumes it’s your preference going forward.
The bug tampered with the setting, causing it to change the default to “public,” even if someone had submitted all other posts privately. This is a serious concern for anyone who posted sensitive information, like their phone number, home address, or payment details to a friend thinking it was private. The only users protected from the glitch are those who noticed their privacy settings were wrong before posting and changed them back.
“We have fixed this issue and starting today we are letting everyone affected know and asking them to review any posts they made during that time,” said Erin Egan, Facebook’s chief privacy officer, in a statement. “To be clear, this bug did not impact anything people had posted before—and they could still choose their audience just as they always have. We’d like to apologize for this mistake.”
Users affected by the bug will start receiving notices explaining that their posts may have been made public and potentially viewed by anyone who was snooping around for personal information. It will also include a link to what they may have shared during the vulnerability and encourage them to review their posts.
The glitch couldn’t have come at a worse time for Facebook, a company that has been deflecting privacy and security concerns since it was discovered that a political data firm exploited the personal information of 87 million users. It may as well start readying its responses to what is sure to be a barrage of questions about this latest misstep.