The users, whose posts typically defaults to a selected privacy setting, didn't know that a simple message to a person is actually being shared with the general public due to this bug.
This bug was active from May 18 to May 27, Facebook said.
It changed users' privacy settings to public, without them knowing.
The company said the problem has been fixed, adding that it will notify the 14 million users who could have been affected, starting Thursday.
"Starting today we are letting everyone affected know and asking them to review any posts they made during that time. We'd like to apologize for this mistake," CNBC quoted the chief privacy officer Erin Egan as saying.
The social media giant had been under scanner lately for the growing online data-privacy concerns like providing privileged access to its API with Chinese companies including Huawei, Lenovo, Oppo, and TCL, data breaching by data analytics company Cambridge Analytica.
EXPLAINED: Cambridge Analytica, Facebook and the data breach
How to save democracy from Facebook
The Facebook Menace
How Modi govt had once used Facebook, Google for digital push
Vote: Will you delete your Facebook account?