A former Meta engineer is facing a serious criminal investigation by London's Metropolitan Police cybercrime unit over allegations he downloaded approximately 30,000 private Facebook images while employed by the social media giant. The individual, who resides in London, is suspected of creating a specialised script designed to circumvent Meta's internal security detection systems, enabling unauthorised access to users' personal photographs.
Police Investigation and Company Response
The Metropolitan Police's specialist cybercrime detectives have launched a formal inquiry into what appears to be a significant breach of Facebook users' privacy. According to court documents reviewed by the Press Association, police allege the engineer "accessed and downloaded approximately 30,000 private images belonging to Facebook users whilst working for Meta." The investigation began after Meta discovered the improper access over a year ago and promptly referred the matter to UK law enforcement authorities.
Meta has confirmed the criminal investigation and stated that affected Facebook users have been notified about the privacy breach. The company emphasised that protecting user data remains its top priority and revealed that the employee was immediately terminated upon discovery of the misconduct. Furthermore, Meta has implemented enhanced security measures to prevent similar incidents in the future.
Legal Proceedings and Bail Conditions
The engineer is currently on police bail as the investigation continues. Two weeks ago, magistrates agreed to modify his bail conditions, requiring him to report to Metropolitan Police officers in May and inform the force of any planned foreign travel. This development indicates the ongoing nature of the criminal probe and the seriousness with which authorities are treating the alleged privacy violations.
A Meta spokesperson stated: "After discovering improper access by an employee over a year ago, we immediately terminated the individual, notified users, referred the matter to law enforcement and enhanced our security measures. We are co-operating with the ongoing investigation."
Historical Context of Meta's Privacy Challenges
This latest security concern emerges against a backdrop of previous privacy issues faced by Meta and its platforms. In 2018, Facebook experienced a bug that potentially affected up to 6.8 million users, granting third-party applications wider access to user photographs than intended. More recently, in 2024, Meta was fined 91 million euros by Ireland's Data Protection Commission after it was discovered that millions of Facebook and Instagram user passwords had been stored in plaintext within internal systems, leaving them unprotected by encryption.
The timing of this investigation is particularly noteworthy as it follows a landmark court defeat for Meta and Google last month. A Los Angeles court found both companies liable for a woman's childhood social media addiction in a ruling that could have significant implications for how social media platforms operate and protect users in the future.
As the criminal investigation progresses, this case highlights ongoing concerns about data protection within major technology companies and the vulnerabilities that can exist even within sophisticated security systems. The incident serves as a reminder of the constant challenges facing social media platforms in safeguarding user privacy against both external threats and potential internal misconduct.
