The bug made sure that the posts could be viewed by anyone, including people not logged on to Facebook.
The bug, according to Erin Egan, Chief Privacy Officer at Facebook, occurred as the Facebook developers were building a new way to share featured items on users' profile, like a photo.
Since these featured items are public, the suggested audience for all new posts and not just these items was set to public.
"The problem has been fixed, and for anyone affected, we changed the audience back to what they had been using before," Egan said in a blog post late Thursday.
The revelation came after a New York Times report exposed how the social network allowed about 60 device makers, including Chinese smartphone players, to access personal information of users and their friends.
Facebook admitted sharing users' data with Chinese company Huawei facing the heat in the US over data privacy concerns along with three other China-based smartphone makers Lenovo, OPPO and TCL.
The latest bug affected audience selector that lets you decide who gets to see the post.
Starting Thursday, "we have started letting the 14 million people affected know and asking them to review any posts they made during that time.
"To be clear, this bug did not impact anything people had posted before, and they could still choose their audience just as they always have," Egan said.
It took Facebook developers five days to fix the bug.
"If you posted publicly (during the period May 18 to 27), you'll see a notification from Facebook when you log in that leads to a page with more information - including a review of posts during this period," said Egan.
Facebook is already under intense scrutiny for misuse of millions of its users' data after the Cambridge Analytica data leak scandal became public.