Facebook has another privacy screw-up on its hands. A bug in May accidentally changed the suggested privacy setting for status updates to public from whatever users had set it to last, potentially causing them to post sensitive friends-only content to the whole world. Facebook is now notifying 14 million people around the world who were potentially impacted by the bug to review their status updates and lock them down tighter if need be.
Facebook’s Chief Privacy Officer Erin Egan wrote to TechCrunch in a statement:
“We recently found a bug that automatically suggested posting publicly when some people were creating their Facebook posts. We have fixed this issue and starting today we are letting everyone affected know and asking them to review any posts they made during that time. To be clear, this bug did not impact anything people had posted before – and they could still choose their audience just as they always have. We’d like to apologize for this mistake.”
[Clarification: No existing status updates had their privacy setting changed. The composer’s setting was changed, so any posts published by affected users during the bug might have been shared publicly when users assumed their composer was still set to something more private.]
The bug was active from May 18th to May 22nd, but it took Facebook until May 27th to switch people’s status composer privacy setting back to what it was before the issue. It happened because Facebook was building a “featured items” option on your profile that highlights photos and other content. These featured items are publicly visible, but Facebook inadvertently extended that setting to all new posts from those users.
The issue has now been fixed, and everyone’s status composer has been changed back to default to the privacy setting they had before the bug. The notifications about the bug leads to a page of info about the issue, with a link to review affected posts.
Disrupt 2026: The tech ecosystem, all in one room
Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $400.
Save up to $300 or 30% to TechCrunch Founder Summit
1,000+ founders and investors come together at TechCrunch Founder Summit 2026 for a full day focused on growth, execution, and real-world scaling. Learn from founders and investors who have shaped the industry. Connect with peers navigating similar growth stages. Walk away with tactics you can apply immediately
Offer ends March 13.
Facebook tells TechCrunch that it hears loud and clear that it must be more transparent about its product and privacy settings, especially when it messes up. And it plans to show more of these types of alerts to be forthcoming about any other privacy issues it discovers in the future.
Facebook depends on trust in its privacy features to keep people sharing. If users are worried their personal photos, sensitive status updates, or other content could leak out to the public and embarrass them or damage their reputation, they’ll stay silent.
With all the other issues swirling after the Cambridge Analytica scandal, this bug shows that Facebook’s privacy issues span both poorly thought-out policies and technical oversights. It moved too fast, and it broke something.
