Facepalm: It’s a case of ‘another day, another privacy controversy’ for Facebook. While this incident isn’t quite as bad as the Cambridge Analytica scandal or the recent data-sharing revelations, it’s another PR blow for the social network.

Facebook is informing 14 million users that what they assumed were private posts could have been viewable by the public. A bug caused the users' “suggested” sharing option to be set to “public” by default, rather than basing the suggestion on previous activity. If someone posted an update without noticing that the default setting had changed, a message intended only for friends and family would have been available for anyone to see.

The problem was due to a bug that appeared while Facebook was testing a new option called “featured items,” which highlights certain content and makes it publicly visible. The bug caused the “public” setting to apply to all posts, not just the featured items.

The problem was present between May 18 and May 27, and although Facebook corrected the default setting on May 22, it took another five days before it could make the affected posts private again.

“We recently found a bug that automatically suggested posting publicly when some people were creating their Facebook posts,” Facebook Chief Privacy Officer Erin Egan said in a statement. “We have fixed this issue and starting today, we are letting everyone affected know and asking them to review any posts they made during that time. To be clear, this bug did not impact anything people had posted before – and they could still choose their audience just as they always have. We’d like to apologize for this mistake.”

Facebook will be notifying affected users by June 7 via an alert in their notifications.

Earlier this week, it was revealed that Facebook had reached agreements with 60 device makers that allowed them access to large amounts of user data. Four of these were Chinese firms, including Huawei, which has raised security concerns among US government officials.