A former Meta employee is facing criminal investigation following allegations that he downloaded approximately 30,000 private Facebook images. The engineer, who was working for the social media giant at the time, is suspected of designing a programme to access personal pictures while bypassing internal security checks.
A specialist detective from the Metropolitan Police’s cybercrime unit has launched an inquiry into the alleged mass invasion of Facebook users’ privacy. Meta confirmed that the suspected breach was discovered over a year ago, prompting the company to refer the matter to police in the UK.
The tech firm added that affected Facebook users have been notified, the individual was sacked, and its security systems have since been upgraded. The engineer, who resides in London, is currently on police bail as the criminal investigation continues.
According to court papers seen by the Press Association, police say he “is alleged to have accessed and downloaded approximately 30,000 private images belonging to Facebook users whilst working for Meta”.
“It is alleged that he created a script designed to circumvent Meta’s internal detection systems, allowing him to do so.”
Two weeks ago, two magistrates agreed to vary the man’s police bail so that he must next report to Met officers in May and inform the force of any plans for foreign travel.
A Meta spokesperson confirmed the existence of the criminal investigation, saying: “Protecting user data is our top priority.
“After discovering improper access by an employee over a year ago, we immediately terminated the individual, notified users, referred the matter to law enforcement and enhanced our security measures.
“We are co-operating with the ongoing investigation.”
Facebook suffered a bug in 2018 which was believed to have affected up to 6.8 million people and given third-party apps wider access to user photos on the social network.
In 2024, it was reported that Meta had been fined 91 million euro by the Data Protection Commission in Ireland over the way millions of Facebook and Instagram user passwords had been inadvertently stored in plaintext on its internal systems, meaning they were not protected by encryption.
The latest security concern has emerged just after Meta, which also owns WhatsApp, suffered a landmark court defeat alongside Google last month after being accused of failing to protect its users from harm.
A court in Los Angeles found the companies liable for a woman’s childhood social media addiction in a ruling which could have widespread ramifications for the way the platforms are operated in the future.
