The team of content moderators tasked with removing terrorist content from Facebook are forced to see a lot of terrible things, and are paid very little for their efforts. To make matters worse — and perhaps dangerous — the site also accidentally revealed the identities of its moderators to potential terrorists, according to a new bombshell report in The Guardian.

The security glitch was allegedly discovered in November 2016 when content moderators began to receive friend requests from the radial groups they were monitoring. The bug allowed for group admins to see the personal profiles of moderators within a shut-down group’s activity log. If a group had multiple admins, they would be able to view who made changes to their page. The flaw lasted for about a month, and retroactively showed moderator info stretching back months.

For its part, Facebook downplayed the threat faced by its employees.

“Our investigation found that only a small fraction of the names were likely viewed, and we never had evidence of any threat to the people impacted or their families as a result of this matter,” the site’s spokesman said.

However, Facebook’s own actions contradict its supposed lack of concern. The site offered new home security systems to several “high priority” moderators, plus company transport and counseling. One moderator even left his home country of Ireland for fear of retribution.

Rare is the security risk that so directly puts people’s lives in danger, but this is one, and Facebook is lucky nothing terrible happened as a result of its error.