Software bug flipped 14 million Facebook users to 'public'
Attivo Networks Blogs


Over a 10-day period in May, a software bug automatically updated 14 million Facebook users’ privacy settings from Private to Public, exposing their posts to a wider audience.

Facebook was testing a feature designed to help users share content.

“We recently found a bug that automatically suggested posting publicly when some people were creating their Facebook posts,” Facebook Chief Privacy Officer (CPO) Erin Egan said in a statement. “We have fixed this issue and starting today we are letting everyone affected know and asking them to review any posts they made during that time.”

Pete Zaborsky, founder of, said the bug is “another reminder that users need to take their data-privacy into their own hands to ensure proper security measures.”

Noting Facebook’s pledge to notify those users affected, Andrew Proctor, a network engineer at OpenVPN, said: “because Facebook was able to revert all affected posts five days after the bug initially revealed the information, there are no immediate changes needed on your profile.”

Egan stressed the “bug did not impact anything people had posted before — and they could still choose their audience just as they always have.”

Proctor warned users to “be vigilant, however, about the information that may have been publicly shared, as it has now most likely been archived by data-mining third parties that actively monitor public Facebook profiles.”

Noting that “we have never really seen a massive bug like this before on social media,” Proctor said, “most users probably had not considered this kind of change to their profiles possible. It’s events like these that bring to light the potential vulnerabilities of social media and moving forward, users should be extra wary of their profile’s sharing settings.”

The bigger issue, Zaborsky said, is “users are still unaware of how much data they’re giving up, even when protocol is followed” and that “many don’t understand the basic fact that Facebook exists in order to collect and monetize your personal details.”

He called Facebook’s attempted reassurance “largely smoke and mirrors; designed to hide the hugely intrusive nature of Facebook itself.”

