"We'd like to apologize for this mistake".
Matt Navarra, who describes himself as a social and digital media consultant, tweeted a screen grab of the alert to users.
Erin Egan, Facebook's chief privacy officer, says the bug did not affect past posts.
She said Facebook is also notifying users who posted publicly during the time the bug was active to review their posts. To be clear, this bug did not impact anything people had posted before - and they could still choose their audience just as they always have. "We'd like to apologise for this mistake".
'Within the United States alone, we have played a pivotal role in winning presidential races as well as congressional and state elections, ' with data on more than 230 million American voters, Cambridge Analytica claims on its website.
What did the bug do?
Breast Cancer: Some Patients May Not Need Chemo-But Beware Misleading Headlines
Previous studies had made clear that women with low scores could skip chemotherapy and those with high scores should get it. A leading Scottish breast cancer charity described the findings as "incredible" and "game-changing".
Considering that Facebook has almost 2.2 billion users worldwide, the number of affected users is small. The company then recommends that users review whatever they've posted during this time.
The other options limit the audience, with most users typically posting updates that reach their friends.
Facebook posts typically default to the last "audience" a post was shared with, such as family members or friends. If they don't check to make sure that they have the correct settings before hitting "post", they may be sharing sensitive information with users they didn't intend to. The company says it was testing out a new feature, one that would suggest people share featured profile items publicly.
While relatively minor compared to recent issues facing the company, the glitch is another embarrassing slip-up for a firm already under heavy fire over privacy concerns.
Facebook confirmed earlier this week that China-based Huawei - which has been banned by the U.S. military and is a lightning rod for cyberespionage concerns - was among device makers authorized to see user data in agreements that had been in place for years.
Users who were affected by the bug will start receiving a notification on Facebook starting Thursday.