London-Based Meta Engineer Faces Criminal Investigation Over Alleged Mass Photo Download
A former employee of Meta, the parent company of Facebook, is currently under criminal investigation by the Metropolitan Police's cybercrime unit. The engineer, who resides in London, is suspected of downloading approximately 30,000 private images from Facebook users while employed by the social media giant.
Alleged Security Breach and Company Response
According to court documents reviewed by the Press Association, the individual is alleged to have created a specialized script designed to circumvent Meta's internal detection systems. This allowed him to access and download the private photographs without triggering security alerts. Meta discovered the improper access over a year ago and immediately terminated the employee's contract.
The company has confirmed that affected users were notified of the breach. A Meta spokesperson stated, "Protecting user data is our top priority. After discovering improper access by an employee over a year ago, we immediately terminated the individual, notified users, referred the matter to law enforcement, and enhanced our security measures." Meta has cooperated fully with the ongoing investigation, which it initially referred to UK authorities.
Ongoing Police Investigation and Bail Conditions
The engineer is currently on police bail as the criminal probe continues. Recently, magistrates approved a variation of his bail conditions. He must now report to Metropolitan Police officers in May and inform the force of any plans for international travel. The investigation focuses on what police describe as a mass invasion of Facebook users' privacy.
Historical Context of Meta's Security Issues
This incident adds to a series of security concerns for Meta. In 2018, a bug affected up to 6.8 million Facebook users, granting third-party apps unauthorized access to private photos. In 2024, Meta was fined 91 million euros by Ireland's Data Protection Commission for storing millions of Facebook and Instagram passwords in plaintext, leaving them unencrypted.
Furthermore, this latest security issue emerges shortly after Meta and Google faced a landmark court defeat in Los Angeles. The companies were found liable for a woman's childhood social media addiction, a ruling that may significantly impact future platform operations and user protection standards.
The case highlights ongoing challenges in digital privacy and corporate accountability within the tech industry, particularly for London-based professionals working in high-stakes environments.
