Former head of security at WhatsApp sues Meta, says company ignored security breaches for years
A former senior security manager at WhatsApp is suing Meta, claiming the company put its billions of users at risk by ignoring serious cybersecurity weaknesses. Attaullah Baig, who served as WhatsApp’s head of security from 2021 to 2025, says Meta overlooked internal flaws in the app’s defenses and prioritized user growth over security.
According to Baig, around 1,500 engineers had unrestricted access to sensitive user data, potentially violating a US government order that resulted in a $5 billion (€4.3 billion) fine for the company in 2020. He further claims that Meta failed to address the daily hacking and takeover of more than 100,000 WhatsApp accounts, despite his repeated warnings and proposed solutions.
Baig’s complaint, filed in a federal court in San Francisco, accuses Meta of neglecting basic cyber security practices, such as proper data handling and breach detection mechanisms. It is alleged that internal security tests showed engineers could access user information like contact details, IP addresses, and profile photos – and potentially steal them without leaving a trace.
Despite raising his concerns with senior executives, including WhatsApp director Will Cathcart and Meta CEO Mark Zuckerberg, Baig says his warnings were ignored. After his initial reports in 2021, he claims he faced increasing retaliation from the company, culminating in his dismissal in February 2025.
Meta has disputed these claims, stating that Baig’s dismissal was due to unsatisfactory job performance and noting that several senior engineers independently confirmed this assessment. The company also points out that the Department of Labor dismissed Baig’s original complaint and found no evidence of retaliation.
Before joining Meta, Baig held cybersecurity positions at leading financial institutions such as PayPal and Capital One. He filed complaints with federal regulatory agencies, including the Securities & Exchange Commission, before taking legal action. This lawsuit adds to the growing scrutiny of Meta’s data protection practices on its platforms, which serve billions of users worldwide.
The case is reminiscent of the 2018 Cambridge Analytica scandal, in which Facebook faced criticism for the improper collection of data from millions of users. The resulting consent decree remains in effect until 2040.
Business AM
Subscribers 0
Fans 0
Followers 0
Followers