Sign In
By signing in or creating an account, you agree with Associated Broadcasting Company's Terms & Conditions and Privacy Policy.
By signing in or creating an account, you agree with Associated Broadcasting Company's Terms & Conditions and Privacy Policy.
New Delhi: Meta, the parent of WhatsApp, is facing a fresh whistleblower lawsuit in the United States, raising serious questions about how the messaging app handles user data. The case has been filed by Attaullah Baig, a former WhatsApp security executive, who alleges that systemic failures at the platform allowed thousands of engineers broad access to sensitive user information.
According to reports, Baig claims he was retaliated against after flagging the security concerns to Meta’s top leadership, including CEO Mark Zuckerberg. His 115-page complaint has been filed in the U.S. District Court for the Northern District of California.
Baig joined WhatsApp in 2021 and says that internal testing revealed around 1,500 engineers had the ability to move or steal user data “without detection or audit trail.” The data allegedly accessible included IP addresses, contact details, and profile photos. He also claims that WhatsApp lacked a proper 24-hour security operations centre, and did not maintain a full inventory of systems storing user data.
The former executive states that these failures may have violated Meta’s obligations under a $5 billion settlement with the U.S. Federal Trade Commission in 2020. He added that the company had ignored proposals to introduce stronger protections against account takeovers, which he estimated affected over 100,000 users every day.
Meta has strongly denied the claims. Carl Woog, vice president of communications at WhatsApp, said in a statement that Baig’s lawsuit followed “a familiar playbook in which a former employee is dismissed for poor performance and then goes public with distorted claims.”
Woog added, “Security is an adversarial space, and we pride ourselves on building on our strong record of protecting people’s privacy.” Meta further insisted that Baig exaggerated his position at WhatsApp, stating he was not the head of security but a lower-level engineer.
Baig’s lawsuit claims the timing of his dismissal shows a “clear causal connection” to his protected disclosures.
This case adds to a string of controversies around Meta’s handling of privacy and security across its family of apps. The company is still under a long-term consent order with the FTC, in place until 2040, following the Cambridge Analytica scandal that exposed data from millions of Facebook users.
Baig, who previously worked with PayPal and Capital One, is seeking reinstatement, back pay, compensatory damages, and regulatory action. His lawyers argue that he faced “systemic retaliation” for advocating compliance with U.S. cybersecurity laws.
Meanwhile, Meta continues to face parallel accusations on child safety issues in its virtual reality division, which it has also denied.
For WhatsApp’s over 2 billion users worldwide, including more than 500 million in India, the lawsuit raises fresh concerns over whether user privacy is being adequately protected at one of the most widely used messaging apps.
