The company says it has been removing Mr Zuckerberg’s messages from the inboxes of various people for several years and the recipients were not informed before that happened.
Facebook made the acknowledgement on Friday after TechCrunch first reported the tactic.
They say it began erasing the messages of Mr Zuckerberg and a few other top executives in 2014 after computer hackers obtained and released emails from Sony Pictures executives.
The Sony messages included disparaging remarks about movie stars and other people in the entertainment industry.
Although the ability to automatically delete sent texts had not been previously available, Facebook says it now plans to make it available to all users.
The company apologised for not doing so sooner.
Meanwhile chief operating officer Sheryl Sandberg earlier on Friday said the company should have conducted an audit after learning that a political consultancy improperly accessed user data nearly three years ago.
She told NBC’s Today show that at the time, Facebook received legal assurances Cambridge Analytica had deleted the improperly obtained information.
“What we didn’t do is the next step of an audit and we’re trying to that now,” she said.
The audit of Cambridge Analytica is on hold, in deference to a UK investigation, however Facebook has been conducting a broader review of its own practices and how other third-party apps use data.
In addition, it announced on Friday it will require advertisers who want to run not just political ads, but also or so called “issue ads” - which may not endorse specific candidates or parties but discuss political topics - to be verified.
Facebook is trying to strengthen its system ahead of this year’s US midterm elections as well as upcoming elections around the world.
It has already required political ads to verify who is paying for them and where the advertiser is located. The issue ads requirement is new.
Facebook will also require the administrators of pages with a “large number” of followers to also be verified, though the company did not say what this number would be.
The move is intended to clamp down on fake pages and accounts that were used to disrupt the 2016 presidential elections in the US.
Facebook says page administrators and advertisers will be verified by being asked to provide a government-issued ID.
To verify addresses, it will mail a postcard with a unique code the recipient can then enter into the site. This is similar to how Airbnb and other services verify addresses.
The company is facing a global backlash over the improper data-sharing scandal with hearings over the issue scheduled in the US, and the European Union is considering what actions to take against the company.
Ms Sandberg also told NBC that if users were able to opt out of being shown ads, “at the highest level, that would be a paid product”. This does not mean the company is planning to let users do this.
Mr Zuckerberg has made similar statements in the past, but has added that Facebook remains committed to offering a free service paid for by advertising.
Facebook users can opt out of seeing targeted ads, but can not shut off ads altogether. Neither can they opt entirely out of Facebook’s data collection.
Ms Sandberg gave several interviews as Mr Zuckerberg prepares to testify before Congress next week, where the issue of elections meddling is almost certain to come up.
Facebook is also facing an investigation by the Federal Trade Commission in what has become its worst privacy crisis in its 14-year history.
It started with revelations that Cambridge Analytica, a data-mining firm, improperly accessed the private information of tens of millions of users to try to influence elections around the world.
Over the past three weeks the scandal continued to spiral. For one, Facebook executives took nearly five days to respond to the Cambridge Analytica reports.
Then, some users who logged in to Facebook through Android devices discovered Facebook had been collecting information about phone calls they made and text messages they sent.
Facebook also acknowledged that nearly all of its 2.2 billion users may have had their public data scraped by “malicious actors” it did not name.