Facebook has another privacy screw-up on its hands. A bug in May accidentally changed the suggested privacy setting for status updates to public from whatever users had set it to last, potentially causing them to post sensitive friends-only content to the whole world. Facebook is now notifying 14 million people around the world who were potentially impacted by the bug to review their status updates and lock them down tighter if need be.
Facebook’s Chief Privacy Officer Erin Egan wrote to TechCrunch in a statement:
“We recently found a bug that automatically suggested posting publicly when some people were creating their Facebook posts. We have fixed this issue and starting today we are letting everyone affected know and asking them to review any posts they made during that time. To be clear, this bug did not impact anything people had posted before – and they could still choose their audience just as they always have. We’d like to apologize for this mistake.”
[Clarification: No existing status updates had their privacy setting changed. The composer’s setting was changed, so any posts published by affected users during the bug might have been shared publicly when users assumed their composer was still set to something more private.]
The bug was active from May 18th to May 22nd, but it took Facebook until May 27th to switch people’s status composer privacy setting back to what it was before the issue. It happened because Facebook was building a “featured items” option on your profile that highlights photos and other content. These featured items are publicly visible, but Facebook inadvertently extended that setting to all new posts from those users.
The issue has now been fixed, and everyone’s status composer has been changed back to default to the privacy setting they had before the bug. The notifications about the bug leads to a page of info about the issue, with a link to review affected posts.
Techcrunch event
San Francisco | October 13-15, 2026
Facebook tells TechCrunch that it hears loud and clear that it must be more transparent about its product and privacy settings, especially when it messes up. And it plans to show more of these types of alerts to be forthcoming about any other privacy issues it discovers in the future.
Facebook depends on trust in its privacy features to keep people sharing. If users are worried their personal photos, sensitive status updates, or other content could leak out to the public and embarrass them or damage their reputation, they’ll stay silent.
With all the other issues swirling after the Cambridge Analytica scandal, this bug shows that Facebook’s privacy issues span both poorly thought-out policies and technical oversights. It moved too fast, and it broke something.
Josh Constine is a Venture Partner at ~$3 billion AUM early-stage VC fund SignalFire where he invests in pre-seed startups with a focus on consumer. He teaches startup pitch writing and fundraising strategy as a recurring lecturer at the Stanford Graduate School Of Business, and with accelerators like Z Fellows, Inception Studios, and Stanford ASES. Previously, Constine was Editor-At-Large for TechCrunch where he wrote 4000 articles and was ranked the #1 most cited tech journalist in the world from 2016-2020 by Techmeme. Constine has led 300+ on-stage interviews and keynotes in 18 countries with luminaries including Mark Zuckerberg and the CEOs of Shopify, DoorDash, Snapchat, Instagram, and more. Constine graduated from Stanford University with a Master’s degree he designed in Cybersociology, and wrote his thesis in 2008 on why remixable memes would be the future of marketing. He has been quoted in the NYT and WSJ, is regularly featured on CNN for his thoughts on AI and Silicon Valley, and advises startups on PR, fundraising, and organic growth.