Former WhatsApp employee sues Meta over alleged security flaws
Attaullah Baig, who served as WhatsApp's head of security from 2021 until early 2025, alleged in his complaint that the app contained 'systemic cybersecurity failures' that allowed up to 1,500 Meta engineers unrestricted access to sensitive user information without adequate oversight.
ADVERTISEMENT
A former senior WhatsApp executive has filed a lawsuit against Meta Platforms Inc., accusing the company of overlooking severe security and privacy weaknesses in the messaging app that could put billions of users' data at risk, CNBC reported.
Attaullah Baig, who served as WhatsApp's head of security from 2021 until early 2025, alleged in his complaint that the app contained 'systemic cybersecurity failures' that allowed up to 1,500 Meta engineers unrestricted access to sensitive user information without adequate oversight.
According to the 115-page complaint, Baig's internal security testing revealed that WhatsApp developers could "move or steal user data" - including contact lists, IP addresses, and profile photographs - without detection or audit trails, as per the report.
He also alleged that WhatsApp failed to establish basic security protocols such as a 24-hour security operations center, reliable breach detection systems, or a comprehensive inventory of servers storing user data.
Meta acquired WhatsApp in 2014 for $19 billion, and the app now has more than three billion users globally. In response to Baig's lawsuit, a Meta spokesperson rejected the allegations, telling CNBC: "Sadly, this is a familiar playbook in which a former employee is dismissed for poor performance and then goes public with distorted claims that misrepresent the ongoing hard work of our team."
While the lawsuit does not allege that user data has already been leaked, it argues that Meta's lapses created serious compliance and regulatory risks.
The complaint also details alleged retaliation, claiming Baig began receiving “negative performance feedback” just days after his first disclosure about the flaws. His attorneys argue that his termination was directly linked to his whistleblowing activity.
