Meta Employee Uses Custom Script to Bypass Facebook Systems

A former Meta engineer in London is under criminal investigation by the Metropolitan Police’s cybercrime unit after allegedly downloading approximately 30,000 private images from Facebook user accounts.

According to court documents and reporting from The Guardian and Mashable, the suspect is alleged to have developed a custom script specifically designed to bypass Meta’s internal security and detection systems. This program allowed the employee to access and download private user data without triggering the company’s security alerts.

Investigation and Company Response

Meta stated that the company discovered the improper access more than a year prior to the police investigation. Upon discovery, Meta terminated the employee, notified the affected Facebook users, and updated its security protocols to prevent similar breaches.

After discovering improper access by an employee over a year ago, we immediately terminated the individual, notified users, referred the matter to law enforcement and enhanced our security measures

Meta statement to the BBC

Following the internal discovery and the termination of the worker, Meta referred the case to authorities in the United Kingdom. The suspect was arrested in November of the preceding year and is currently on police bail while the criminal investigation continues.

Recent court proceedings indicate that two magistrates agreed to vary the man’s police bail on March 25, 2026. Under the updated terms, the suspect must report to Metropolitan Police officers in May 2026 and provide notification of any intended foreign travel.

Technical Context and Privacy Implications

The case highlights the risk of insider threats within large-scale social media platforms, where employees with high-level technical access may attempt to circumvent internal controls. The use of a script to evade detection suggests a deliberate effort to hide unauthorized activity from automated security monitoring.

This incident follows other concerns regarding data privacy at Meta. The company has faced previous accusations of failing to appropriately notify users about privacy policies and the methods by which their data is accessed. More recently, concerns have been raised regarding the visibility of prompts used with Meta AI chatbots to the public.

In the broader context of AI development, Meta has implemented certain protections for user data. For features such as message summaries, the company utilizes Private Processing, a technology designed to encrypt messages sent to the AI to maintain user privacy.

The investigation remains ongoing as the Metropolitan Police cybercrime unit continues to probe the extent of the unauthorized downloads and the methods used to breach the internal security systems of the social media giant.