Former WhatsApp Security Executive Sues Meta Over Cybersecurity Violations
A former high-ranking cybersecurity official at WhatsApp has initiated legal proceedings, asserting that parent corporation Meta has willfully ignored significant vulnerabilities within the app’s digital security framework, thereby endangering billions of users.
The suit claims the company consistently breached cybersecurity regulations and retaliated against him for exposing these shortcomings.
Attaullah Baig, who held the position of head of security for WhatsApp from 2021 to 2025, contends that approximately 1,500 engineers possessed unfettered access to user data without appropriate oversight. This could be in direct contravention of a US governmental directive that imposed a $5 billion penalty on Meta in 2020.
Furthermore, he alleges that Meta neglected to address the daily hacking and compromise of over 100,000 accounts, dismissing his urgent recommendations for remedial measures in favor of prioritizing user expansion.
The lawsuit, lodged in a US federal court in San Francisco, accuses Meta of failing to establish fundamental cybersecurity protocols, which encompass proper data management and breach detection methods.
According to the comprehensive 115-page complaint, Baig uncovered through internal security assessments that WhatsApp engineers could manipulate or pilfer user data—including contact details, IP addresses, and profile images—without detection or an audit trail.
The filing claims Baig repeatedly raised his concerns with senior executives, including WhatsApp’s head, Will Cathcart, and Meta’s CEO, Mark Zuckerberg. Meta acquired WhatsApp for $19 billion in 2014, and the application currently has three billion users, according to the parent company.
In response, Carl Woog, WhatsApp’s vice president of communications, remarked, “Unfortunately, this follows a familiar template where a former employee, after being dismissed for inadequate performance, publicly presents distorted allegations that misrepresent the diligent efforts of our team.”
Baig alleges he experienced escalating retaliation following his initial reports in 2021, encompassing unfavorable performance evaluations, verbal reprimands, and ultimately his termination in February 2025 for purported “poor performance.”
Meta has maintained that Baig departed due to inadequate performance, with several senior engineers corroborating that his output fell short of expectations. The company further noted that the Department of Labor’s Occupational Safety and Health Administration dismissed Baig’s initial grievance, concluding there was no retaliatory action taken against him.
Prior to his tenure at Meta, Baig held various cybersecurity positions at renowned financial institutions, including PayPal and Capital One.
He filed complaints with federal regulators, including the Securities and Exchange Commission, before bringing the current legal action.
This case contributes to the ongoing scrutiny of Meta’s data protection measures across its platforms, which encompass Facebook, Instagram, and WhatsApp—serving billions of users worldwide.

The company agreed to the 2020 government settlement after the Cambridge Analytica scandal, which involved the illicit collection of data from 50 million Facebook users. The resulting consent order is set to remain in effect until 2040.
In his whistleblower complaint, Baig seeks reinstatement, back pay, compensatory damages, and the possibility of regulatory actions against Meta.
Source link: Theguardian.com.