Portuguese 
English 
Spanish 
4 min of reading 
0 comments 
Meta employee allegedly used script to capture private photos of Facebook users
The allegation gained traction after the case was published by The Guardian. The investigation indicates that the unauthorized access occurred while the professional was still part of the company’s team. Court documents cited by the British press suggest that he created a script to bypass internal security barriers and, thus, downloaded approximately 30,000 private images of people using the platform.
This is not just any technical detail. When an employee manages to bypass internal control layers, the problem ceases to be merely operational failure and raises an uncomfortable question: to what extent can tech giants prevent abuses committed by those who already know the shortcuts of the house?
Meta itself reported that it discovered the violation over a year ago, fired the employee, notified the affected users, reported the case to the authorities, and reinforced security systems.
-
A diver found a 900-year-old sword at the bottom of the Mediterranean Sea, and its state of preservation impressed scientists so much that it could rewrite what is known about the Crusades.
-
The city has 33 islands, urban beaches, and the highest education rating among all the capitals of Brazil, but almost no one remembers it when thinking about living or traveling in the Southeast.
-
Drones come into action as teams of young people build 74 artificial dams and 100 rock structures to contain erosion, restore threatened streams, and try to return moisture and stability to degraded areas.
-
Have you ever wondered why the clock shows 60 minutes and not 100? The answer involves a mystery of 5,000 years that began in Mesopotamia, and no one has been able to change it to this day.
“After discovering the improper access by an employee over a year ago, we immediately fired the individual, notified users, referred the case to law enforcement, and strengthened our security measures. We are cooperating with the ongoing investigation,” said a Meta spokesperson to the Guardian.
Man was fired, reported to police, and continues under investigation
The man suspected was released on bail, but the case is far from cooling down. The investigation is in the hands of the cybercrime unit of the Metropolitan Police in London.
Information published by the British press shows that he remains on conditional release while the investigations progress and still needs to comply with conditions imposed by the authorities, such as reporting international travel and reappearing to the police in May.
The episode has also come to the attention of the Information Commissioner’s Office, the British body responsible for data protection.
This matters because, in the UK, a leak or unauthorized access to personal data can lead to serious regulatory consequences, especially if it is proven that the company’s safeguards were insufficient to prevent the abuse.
Experts consulted by international coverage assess that Meta may escape direct liability if it demonstrates that it maintained adequate controls. On the other hand, if significant failures in data protection emerge, the case could open the door to fines and other legal measures.
Private photos of Facebook users
For Facebook users, the story weighs heavily because it touches on a sensitive point: the expectation that private content remains private, even within the structure of the company itself.
The ICO’s guide on data breaches makes it clear that when an incident poses a high risk to the rights and freedoms of affected individuals, the organization must notify these individuals without undue delay and, when applicable, notify the supervisory authority within 72 hours of becoming aware of the issue.
This context helps to understand why Meta emphasized that it notified the affected individuals and alerted the police as soon as the case came to light.
The embarrassment for the company increases because Meta itself has publicly reinforced its discourse on data protection.
In January 2025, the company stated that it had invested over $8 billion in rebuilding its privacy program since 2019, in addition to saying that it expanded policies, governance, and control tools for users.
In practice, the case in London shines a harsh light on this promise: it is not enough to announce a billion-dollar investment when unauthorized internal access can reach thousands of private images.
Meta employee exposes a problem that goes beyond a single man
This is where the issue stops being merely criminal and becomes a trust test as well. The case is not just about a Meta employee or a single man suspected of acting alone.
It exposes the growing pressure for platforms to have stricter internal mechanisms, real tracking of sensitive accesses, and quick responses when something goes out of control.
The Meta Privacy Center currently focuses on guidance about account security, two-factor authentication, post sharing, and reviewing old content, but the episode shows that a tool for the end user alone does not resolve the gap created by internal misuse.
For those who publish photos, store memories, and share personal moments on the social network, the feeling is direct: when there is suspicion of irregular access from within, the damage to trust is often as significant as the technical damage. And this explains why the case draws attention far beyond London.
It affects the relationship between platform, privacy, and responsibility at a time when tech companies are being pressured to prove, with concrete measures, that they can protect what they promise to keep safe.
If this case has also raised an alert in you, leave your comment and share this post with others who use Facebook in their daily lives.
Seja o primeiro a reagir!