In a troubling revelation for social media users, a former Meta employee is at the centre of an investigation by the Metropolitan Police for allegedly downloading approximately 30,000 private photos from Facebook. The engineer, based in London, purportedly devised a programme that allowed him to access users’ personal images while circumventing security measures. This incident raises significant concerns about data privacy and the safeguarding of personal information on one of the world’s largest social networks.
What Happened?
The breach came to light over a year ago, prompting Meta to act swiftly. A spokesperson from the company confirmed that they terminated the employee’s contract as soon as the breach was discovered and subsequently alerted law enforcement authorities. The Metropolitan Police reported that the suspect, a man in his 30s, was arrested in November 2025 on charges of unauthorised access to computer material. He has since been released on bail and is required to return to the police in May.
Ongoing Investigations
This investigation is being led by the Metropolitan Police’s Cybercrime Unit, which received a referral from the Federal Bureau of Investigation (FBI) in the United States. Meta has also reached out to the users whose images were downloaded as part of this breach and has implemented enhanced security measures to prevent similar incidents in the future.
This incident highlights ongoing vulnerabilities in Meta’s security protocols, which have been under scrutiny for several years. The company, which also owns Instagram and WhatsApp, has faced multiple legal challenges and fines related to data protection and user privacy.
A History of Security Issues
In November 2022, the Irish Data Protection Commission (DPC) penalised Meta with a hefty fine of €265 million (£228 million) due to a breach that resulted in the exposure of personal details belonging to hundreds of millions of Facebook users. Just a year later, in September 2024, the DPC found that Meta had inadvertently stored user passwords without encryption, leading to another fine of €91 million (£75 million).
These incidents reflect a troubling pattern of security lapses within the organisation, raising serious questions about its commitment to protecting user data.
Legal Battles and User Impact
On top of these data breaches, Meta has recently faced legal scrutiny regarding the design of its platforms. In March, a California jury ruled that both Meta and Google intentionally created addictive social media experiences that negatively impacted the mental health of users, awarding $6 million (£4.5 million) in damages to a plaintiff known as Kaley. Both companies have stated their intention to appeal the decision.
These legal and financial repercussions underscore the significant challenges Meta faces as it navigates a landscape increasingly concerned with data privacy and user wellbeing.
Why it Matters
The investigation into this former employee serves as a stark reminder of the vulnerabilities that persist within digital platforms, particularly those handling vast amounts of personal data. As users become more aware and concerned about their online privacy, companies like Meta must not only enhance their security protocols but also restore trust with their users. This incident could potentially reshape how tech companies approach data protection and user privacy, influencing both policy and consumer behaviour in the years to come.
