Former Meta employee in London suspected of creating program to bypass security and access private Facebook images, leading to arrest by Metropolitan Police.
A former Meta employee living in London is under investigation by the Metropolitan Police after allegedly downloading approximately 30,000 private Facebook photos from users' accounts. The engineer, who has not been publicly named, is believed to have designed a custom program that allowed access to personal images while circumventing the platform's security measures.
According to a Meta spokesperson, the company discovered the breach over a year ago and immediately terminated the employee's contract before referring the matter to law enforcement. The Metropolitan Police confirmed that a man in his 30s was arrested in November 2025 on suspicion of unauthorized access to computer material. He has since been released on bail and is scheduled to report back to police in May.
The investigation is being handled by the Metropolitan Police's Cybercrime Unit, following a referral from the Federal Bureau of Investigation in the United States. Meta has stated that it notified the affected Facebook users whose images were downloaded and has since upgraded its security systems to prevent similar incidents.
This incident adds to a growing list of security and privacy concerns surrounding Meta, the parent company of Facebook, Instagram, and WhatsApp. In November 2022, Meta was fined €265 million (£228 million) by the Irish Data Protection Commission after the personal details of hundreds of millions of Facebook users were published online. More recently, in September 2024, the same regulatory body found that Meta had inadvertently stored certain user passwords on its internal systems without encryption, resulting in a €91 million (£75 million) fine.
The company has also faced legal challenges regarding the addictive design of its platforms. In March, a California jury found both Meta and Google liable for intentionally creating addictive social media platforms that harmed the mental health of a young woman known as Kaley. The plaintiff was awarded $6 million (£4.5 million) in damages, though both companies have announced their intention to appeal the verdict.
This latest breach highlights ongoing concerns about data security at major tech companies and the potential for insider threats, even from employees with authorized access to user data. As social media platforms continue to collect vast amounts of personal information, the importance of robust security measures and employee monitoring becomes increasingly critical.
Comments
Please log in or register to join the discussion