The glitch set a user’s post to be shared to "everyone", even if a user had previously chosen a more restricted option, such as “friends of friends”.
“We’d like to apologise for this mistake,” said Erin Egan, Facebook’s head of privacy.
Users who may have been affected will be notified on the site’s newsfeed.
"We recently found a bug that automatically suggested posting publicly when some people were creating their Facebook posts,” Ms Egan said.
"We have fixed this issue and starting today we are letting everyone affected know and asking them to review any posts they made during that time.
"To be clear, this bug did not impact anything people had posted before - and they could still choose their audience just as they always have. We’d like to apologise for this mistake."
The glitch was active between 18 and 22 May, a spokeswoman added, but it took the site until 27 May to switch posts back to private - or whatever the user had typically used before the bug became apparent.
What did the bug do?
When users post to Facebook, there is a menu option that dictates who sees that post. If the user chooses public, anyone can view that post.
The other options limit the audience, with most users typically posting updates that reach their friends.
Facebook remembers what setting you last chose and automatically selects it the next time you make a post.
However, between 18 and 22 May this year, the bug would set posts to “public” even if the user had, in the previous post, chosen something more private.
If the user did not notice the setting had changed, they may have posted something publicly that was not intended for that wider audience.
Facebook said it estimates 14 million people did so - and so has started notifying users. In the meantime, it has reverted the audience for any affected posts to whatever setting the user had selected previously.