Former Facebook Engineer Accused of Downloading 30,000 Private Images in Alleged Security Breach

A former Facebook engineer is under criminal investigation for allegedly downloading approximately 30,000 private images from the social media platform. The individual, based in London, is accused of designing a custom script to bypass Meta's internal security systems, allowing unauthorized access to user photos. A specialist detective from the Metropolitan Police's cybercrime unit is handling the case, which has drawn significant attention due to the scale of the alleged breach.

Meta confirmed the suspected breach was discovered more than a year ago and that the company immediately referred the matter to UK law enforcement. The employee has since been terminated, and affected users have been notified. Meta has also taken steps to strengthen its security protocols, though details of these upgrades remain unspecified. The suspect, currently on police bail, is required to report to Metropolitan Police officers in May and inform authorities of any plans to travel abroad.

Court documents allege the individual accessed and downloaded the images while employed at Meta. The script he allegedly created was designed to circumvent the company's detection systems, enabling him to access private content without triggering alerts. The Metropolitan Police's investigation is ongoing, with officials emphasizing the seriousness of the alleged breach. Meta has reiterated its commitment to user data protection, stating it cooperated fully with the investigation and took immediate action upon discovering the unauthorized access.

The Information Commissioner's Office (ICO) has acknowledged the incident, highlighting its ongoing engagement with Meta and other platforms to ensure data protection standards are met. The ICO stressed that users should trust their personal information is handled responsibly, though no immediate regulatory action has been announced. This case follows a history of security lapses at Meta, including a 2018 bug affecting 6.8 million users and a 2024 fine of €91 million from Ireland's Data Protection Commission over inadequate password encryption.

The latest controversy emerged after Meta faced a landmark court ruling in Los Angeles, where it was held liable alongside Google for failing to protect a user from childhood social media addiction. The decision, which could reshape platform operations, adds to growing scrutiny over Meta's data practices. As the investigation into the alleged image downloads continues, users and regulators alike are watching closely, demanding accountability and stronger safeguards to prevent future breaches.