Facebook engineer ‘designed programme to download 30,000 private images from UK accounts’
A former Facebook worker is under criminal investigation after he allegedly downloaded around 30,000 private images from the website.
The engineer was employed by Meta when he is suspected of designing a programme to access personal pictures while avoiding internal security checks.
Meta confirmed the suspected breach was discovered more than a year ago and the company itself referred the matter to police in the UK.
The company added affected Facebook users have been notified, the worker was sacked and it says it has upgraded its security systems.
The engineer under suspicion, who lives in London, is currently on police bail while the criminal investigation continues.
According to court papers, police say he ‘is alleged to have accessed and downloaded approximately 30,000 private images belonging to Facebook users whilst working for Meta’.
‘It is alleged that he created a script designed to circumvent Meta’s internal detection systems, allowing him to do so.’
Was your account affected?
Contact at brooke.davies@metro.co.uk
Meta: ‘Protecting user data is our top priority. After discovering improper access by an employee over a year ago, we immediately terminated the individual’s employment, notified users, referred the matter to law enforcement and enhanced our security measures.
‘We are co-operating with the ongoing investigation.’
The latest security concern has emerged just after Meta, which also owns WhatsApp, suffered a landmark court defeat alongside Google last month after being accused of failing to protect its users from harm.
A court in Los Angeles found the companies liable for a woman’s childhood social media addiction in a ruling which could have widespread ramifications for the way the platforms are operated in the future.
Facebook suffered a bug in 2018 which was believed to have affected up to 6.8 million people and given third-party apps wider access to user photos on the social network.
In 2024, it was also reported Meta had been fined nearly £80 million by the Data Protection Commission in Ireland over the way millions of Facebook and Instagram user passwords had been stored in plaintext on its internal systems.
This meant they were not protected by encryption.
Get in touch with our news team by emailing us at webnews@metro.co.uk.
For more stories like this, check our news page.