Your private Facebook photos may not be as safe as you think after a massive insider theft

Think your private photos are safe on social media? You might want to rethink that as a former Meta engineer is currently under criminal investigation after it was discovered he secretly downloaded 30,000 private images from Facebook.

As reported by The Guardian, the employee in question allegedly created a script that allowed him to access Facebook users’ private photos while avoiding Meta’s internal security checks. While the incident itself occurred more than a year ago, details about it are just now coming to light as a result of the UK’s criminal investigation by the Metropolitan Police’s Cybercrime Unit.

After discovering the security breach, the engineer was fired, Meta upgraded its security systems and then handed things over to the police in the UK. The engineer was reportedly arrested in November 2025 and is currently on bail until May 2026. Likewise, affected Facebook users whose private photos were downloaded without their knowledge have also been notified.

As Cybernews points out, the former Meta engineer’s intent hasn’t been disclosed yet nor has the script he created to download private Facebook images without rousing suspicion. It’s also unclear as to whether or not he shared the code with others before leaving the company.

How to stay safe on social media

Just like when we discovered that Chrome’s incognito mode was never really private, this incident could be a wake-up call for how you use Facebook and other social media platforms. Yes, your photos are technically private but if an employee can pull off something like this, there’s still a chance that your pictures could end up in the wrong hands.

As such, you want to be extra careful when posting anything on social media. In the same way that you would with a public post, you should think twice before posting private photos online. Once an image is on another company’s servers, it could be made public either through an incident like this one or as the result of a data breach.

If you’re worried about your private photos being stolen and made public, then you might want to consider self-hosting them instead. While you can use one of the best cloud storage services to share your photos securely, you could also store them on a NAS device (network attached storage) and then share them that way as well.

Given what’s in your private photos, they could be misused to commit blackmail, make deepfakes or even be used in other cybercrimes. This is why you might want to consider investing in one of the best identity theft protection services. Although this isn’t a traditional case of identity theft, the cyber insurance these services provide can often be used to recover lost funds, especially if their terms cover modern threats like cyber extortion or reputational harm.

As a general rule, it’s always best to keep the old adage in mind that once something is on the internet, it’s there for good. Before you upload pictures privately on Facebook or any other social networking site, you first want to consider what would happen if those pics got out.

We could find out more about the exact tactics used by this ex-Meta engineer once this case goes to trial, but for now, this cautionary tale is an excellent reason to think twice before you post anything online.

Follow Tom's Guide on Google News and add us as a preferred source to get our up-to-date news, analysis, and reviews in your feeds.

More from Tom's Guide

• Your iPhone has a secret photo vault to keep pictures hidden — here's how to use it
• These are the best photo storage and sharing sites right now
• I used Meta AI to enhance my selfies — here's how to try it