A bug active for more than a week in May could have made private messages public, said Facebook on Thursday.
The company believes that as many as 14 million users could have been affected.
A Facebook user's post automatically defaults to a preselected privacy setting, however, the bug — which was active from May 18 to 27 — could have changed those settings to public.
The social network said it went back and re-engaged the preferred security settings on the affected posts and that the problem had been fixed. Facebook will now work on notifying the 14 million users who may have been affected with an alert in their notifications.
"Starting today we are letting everyone affected know and asking them to review any posts they made during that time," chief privacy officer Erin Egan said in a statement.
This adds to the times Facebook has had to publicly apologise for their security mishaps in the past few months since the revelation that Cambridge Analytica — a political consulting firm — obtained data for as many as 87 million people without consent.