A former engineer at Meta is currently under criminal investigation by specialist detectives from the Metropolitan Police's cybercrime unit. The individual is suspected of downloading around 30,000 private images from Facebook users' accounts in a significant alleged breach of privacy.
Details of the Alleged Security Breach
The engineer, who was employed by the social media giant at the time, is believed to have designed a specific programme or script. This tool was allegedly created to access personal pictures while deliberately avoiding Meta's internal security checks and detection systems.
Company Response and Police Involvement
Meta has confirmed to the Press Association that the suspected breach was discovered more than a year ago. The company itself referred the matter to police authorities in the United Kingdom. A Meta spokesperson stated: "Protecting user data is our top priority. After discovering improper access by an employee over a year ago, we immediately terminated the individual, notified users, referred the matter to law enforcement and enhanced our security measures."
The company added that affected Facebook users have been notified about the incident. The worker in question was promptly sacked following the discovery, and Meta says it has since upgraded its security systems to prevent similar occurrences.
Current Status of the Investigation
The engineer under suspicion, who resides in London, is currently on police bail while the criminal investigation continues. According to court papers seen by the Press Association, police allege he "accessed and downloaded approximately 30,000 private images belonging to Facebook users whilst working for Meta."
Two weeks ago, two magistrates agreed to vary the man's police bail conditions. He must now report to Metropolitan Police officers in May and inform the force of any plans for foreign travel. The investigation remains active as authorities examine the full extent of the alleged privacy invasion.
Historical Context of Facebook Security Issues
This latest security concern follows previous incidents involving Facebook's parent company. In 2018, a bug was discovered that potentially affected up to 6.8 million people, giving third-party apps wider access to user photos than intended.
In 2024, Meta was fined 91 million euro by the Data Protection Commission in Ireland. This penalty resulted from the way millions of Facebook and Instagram user passwords had been inadvertently stored in plaintext on internal systems, leaving them unprotected by encryption.
Broader Implications for Social Media Platforms
The investigation emerges shortly after Meta, which also owns WhatsApp, suffered a significant court defeat alongside Google last month. A court in Los Angeles found the companies liable for a woman's childhood social media addiction in a ruling that could have widespread ramifications for how platforms operate in the future.
This case highlights ongoing concerns about user privacy protection and internal security measures at major technology companies. As the criminal probe continues, it raises important questions about employee access to sensitive user data and the effectiveness of corporate safeguards against such breaches.
