Former Meta Employee Exfiltrates 30,000 Private Facebook Images
What Happened — A former Meta employee in London authored a custom script that bypassed internal detection systems and downloaded roughly 30,000 private photos from Facebook users. The Metropolitan Police cybercrime unit is now investigating the insider‑theft case.
Why It Matters for TPRM —
- Insider‑driven data exfiltration can bypass even mature zero‑trust controls.
- Exposure of personal media heightens reputational risk and potential regulatory scrutiny for platforms handling user‑generated content.
- The incident underscores the need for continuous monitoring and rapid de‑provisioning of privileged accounts.
Who Is Affected — Social media platforms, cloud‑hosted SaaS providers, and any organization that stores private user‑generated content.
Recommended Actions — Review vendor insider‑threat programs, verify least‑privilege access enforcement, confirm that MFA and session monitoring are active for privileged roles, and audit de‑provisioning processes for departing staff.
Technical Notes — Attack vector: insider with privileged access who wrote a bespoke data‑scraping script to evade detection. No public CVE. Data type: private user images (potentially containing personally identifiable information).
Source: Malwarebytes Labs