Attaullah Baig, former head of security at WhatsApp, filed a lawsuit against Meta in San Francisco, claiming that Meta ignored serious cybersecurity problems and fired him for speaking up.
Baig says about 1,500 WhatsApp engineers had easy access to user data like contacts, IP addresses, and photos without proper controls. His tests revealed that engineers could move or steal data without anyone noticing. The lawsuit claims Meta failed to address account takeovers that affect 100,000 users daily. Instead, they focused on growing the user base.
Baig warned WhatsApp head Will Cathcart and Meta CEO Mark Zuckerberg starting in 2021. Instead of addressing the issues, Meta issued Baig poor reviews, warnings, and ultimately fired him in February 2025, citing “poor performance.”
A former employee at Meta's WhatsApp filed a federal lawsuit alleging he repeatedly raised cybersecurity concerns about the messaging app with his superiors but was ignored and retaliated against https://t.co/NFRAyBN2IC
— Bloomberg (@business) September 8, 2025Meta denies the claims. Carl Woog, WhatsApp’s communications vice president, said Baig’s work was below standard, and the Department of Labour found no retaliation. Meta insists it values user privacy and has strong security.
Before WhatsApp, Baig worked in cybersecurity at PayPal and Capital One. His lawsuit adds to growing concerns about Meta’s data protection on Facebook, Instagram, and WhatsApp. Meta settled a $5 billion government fine after the Cambridge Analytica scandal and must follow strict privacy rules until 2040. Baig says Meta has not met these standards.
Read: WhatsApp Launches New Anti-Scam Features to Enhance User Safety
He seeks to return to work, get back pay, damages, and government action against Meta. He also filed complaints with the Securities and Exchange Commission.
Ex-Meta employee files whistleblower suit for alleged security flaws at WhatsApp https://t.co/pYLnabSt8y
— CNBC (@CNBC) September 8, 2025On the same day, the Washington Post reported that current and former Meta employees say the company hid research on child safety risks in its virtual reality products. Meta denies this, stating it prioritises youth safety and adheres to privacy laws.
Baig’s lawsuit raises serious questions about Meta’s commitment to privacy and security. If true, Meta could face stricter rules and penalties. The case shows the risks whistleblowers face when exposing company problems. As Meta serves billions of users worldwide, strong data protection is very important
