Facebook announced on Friday that the social network had exposed the private photos of millions of users without their permission. The company said a bug recently allowed third-party app developers to access photos people may not have shared publicly. Facebook believes as many as 6.8 million users could be affected. The Irish Data Protection Commission, the body that oversees Facebook’s compliance with European regulations, said on Friday that it had launched a “statutory inquiry” into Facebook as a result of multiple breaches the company had informed them about this year. Photos that users started to upload to Facebook but did not post could have been accessed, along with images posted to Facebook Stories, Tomer Bar, an engineering director at Facebook, wrote in a blog post. “We’re sorry this happened,” he added. Users’ photos were exposed over a 12 day period in September, the blog post said. When asked why Facebook waited to inform the public of the issue, a Facebook spokesperson told CNN Business, “We have been investigating the issue since it was discovered to try and understand its impact so that we could ensure we are contacting the right developers and people affected by the bug. It then took us some time to build a meaningful way to notify people, and get translations done.” The information Facebook gives to third-party app developers continues to be under scrutiny. Earlier this year, a data scientist working for Cambridge Analytica revealed the company had several years ago used the system to gather data on tens of millions of Americans. As a result of this bug, the company said it believes the photos could have been accessed by 1,500 apps built by 876 developers. Facebook said it will notify people potentially impacted by the bug.