Facebook revealed Friday that a bug in its system accidentally exposed the private photos of up to 6.8 million users — the latest in a series of data spills that have attracted worldwide regulatory heat.

In a Friday blog post, the social networking giant said the breach occurred between Sept. 13 and Sept. 25, and that certain third-party apps were given access to a “broader set of photos than usual.”

After users give permission to an app to access their Facebook photos, the app usually only has access to the user’s timeline photos. But the 12-day breach in September allowed apps to access photos that were uploaded but not yet made public on Facebook, as well as photos on Facebook’s Marketplace and Stories features, Facebook said.

The bug affected up to 1,500 apps created by 876 developers, Facebook said, without offering more details. Potentially affected users will be notified by Facebook and will be directed to review the apps that have access to their photos.

“We’re sorry this happened,” Facebook said in a blog post Friday morning.

The Mark Zuckerberg-led company, however, did not say why it waited nearly three months to disclose the issue.

Facebook shares were down 1 percent at $143.52 in early afternoon trades.

The photo breach is the latest fumble of user data that has forced Facebook to apologize.

Early this year, it was revealed that political consulting firm Cambridge Analytica gained access to the data of 87 million Facebook users without their permission and used that information to sway elections.

In September, Facebook disclosed yet another security breach in which hackers could have controlled users’ accounts. Facebook initially said the breach affected 50 million users, but it reset the security tokens of 90 million users as a precaution.