Facebook said today that as many as 14-million Facebook users who thought that they were making posts that were only viewable by their friends may have had their content shared with the world.
From May 18th through May 22nd, as Facebook was testing a new feature, a software bug caused millions of people to have their default setting for all new posts set to “public” (i.e., viewable by anyone). After Facebook discovered the bug, the social media giant changed the privacy settings for all posts made during the 4 day period by the 14 million impacted users to “Friends Only.” Impacted users have received, or will receive, a notification from Facebook urging them to “Please Review Your Posts,” with a link to a list of posts that they made on Facebook during the relevant period.
If you are an affected user, and you normally make posts that you intend to be public, you should review the posts, as some of the posts that you intended to share with the world may no longer be visible to people who are not your Facebook friends.
This episode should underscore the importance of one of the pieces of advice that I have been giving people since the dawn of the social media era – and which I bolded due to its importance when discussing the Facebook-Cambridge Analytica snafu in March:If you have information that you don’t want the public to have – do not share it on Facebook. Do not rely on privacy settings – just do not share it. #CyberSecurity #SocialMedia Click To Tweet
History and experience teach us to assume that every significant piece of software has, or will eventually have, bugs. Facebook is no exception. While it is fine to use privacy settings, do not rely on them to protect truly confidential information – keep it off of social media.
Also, keep in mind that “friend networks” typically extend way beyond the circle of folks who are truly one’s friends. And when it comes to “friends of friends” visibility – consider how many people can see a post or comment if you and your friends each have 2,500 Facebook friends… the number could be well into the millions. For both of these reasons, the team at SecureMySocial always refers to such posts as “semi-private” – such posts’ visibility may be restricted with privacy settings, but they are certainly not truly private.