A Facebook engineer is under criminal investigation over accusations he downloaded 30,000 private images from the social media platform.
The former Meta worker, from London, is believed to have designed a programme to be able to access the personal pictures while avoiding internal security checks.
A specialist detective from the Metropolitan Police's cybercrime unit is investigating the alleged mass invasion of Facebook users' privacy.
Meta said the suspected breach was discovered more than a year ago and the company itself referred the matter to police in the UK.
It added that the employee has since been sacked, affected Facebook users have been notified, and it has upgraded its security systems.
The engineer under suspicion, who lives in the capital, is currently on police bail.
According to court papers, he 'is alleged to have accessed and downloaded approximately 30,000 private images belonging to Facebook users whilst working for Meta'.
'It is alleged that he created a script designed to circumvent Meta's internal detection systems, allowing him to do so.'
The former Meta worker is believed to have designed a programme to be able to access the personal pictures while avoiding internal security checks.
Two weeks ago, two magistrates agreed to vary the man's police bail so that he must next report to Met officers in May and inform the force of any plans for foreign travel.
A Meta spokesperson confirmed the existence of the criminal investigation, saying: 'Protecting user data is our top priority.'
'After discovering improper access by an employee over a year ago, we immediately terminated the individual, notified users, referred the matter to law enforcement and enhanced our security measures.'
'We are co-operating with the ongoing investigation.'
It is the latest incident which is sure to concern Facebook users. In 2018, it suffered a bug which was believed to have affected up to 6.8 million people and given third-party apps wider access to user photos on the social network.
In 2024, Meta was fined 91 million euro by the Data Protection Commission in Ireland over the way millions of Facebook and Instagram user passwords had been inadvertently stored in plaintext on its internal systems, meaning they were not protected by encryption.
The latest security concern has emerged after Meta, which also owns WhatsApp, suffered a landmark court defeat alongside Google last month after being accused of failing to protect its users from harm.
A court in Los Angeles found the companies liable for a woman's childhood social media addiction in a ruling which could have widespread ramifications for the way the platforms are operated in the future.