Digital Event Horizon
A former head of WhatsApp security has filed a federal whistleblower lawsuit claiming that Meta prioritized user growth over security, resulting in millions of users' personal information being compromised daily. The allegations have sparked concerns about Meta's commitment to user privacy and highlight the need for greater transparency and accountability within tech giants.
Attaullah Baig, a former head of security for WhatsApp, has filed a federal whistleblower lawsuit alleging that Meta prioritized user growth over security.Millions of users' personal information are compromised daily due to systemic cybersecurity failures and improper access to user data.1,500 engineers had unrestricted access to user data, including personal information covered by the FTC Privacy Order.WhatsApp failed to implement protections standard on other messaging platforms like Signal and Apple Messages.Pictures and names of some 400 million user profiles were improperly copied every day for use in account impersonation scams.
Meta, the parent company of popular messaging app WhatsApp, has been facing intense scrutiny over its handling of user data and security. In a shocking revelation, a former head of security for WhatsApp, Attaullah Baig, has filed a federal whistleblower lawsuit that claims the company has been prioritizing user growth over security, resulting in millions of users' personal information being compromised daily.
According to the lawsuit, Baig discovered systemic cybersecurity failures within WhatsApp's messaging division during his tenure as head of security. These failures posed serious risks to user data, and it is alleged that roughly 1,500 engineers had unrestricted access to user data, including personal information covered by the Federal Trade Commission (FTC) Privacy Order.
Baig, who became head of WhatsApp security in 2021, claims that he found a "failure to inventory user data," as required under privacy laws in California, the European Union, and the FTC settlement. Additionally, there was an absence of systems for monitoring user data access, and an inability to detect data breaches that were standard for other companies.
Furthermore, the lawsuit alleges that Meta leaders allegedly retaliated against Baig after he raised concerns about the company's security practices. The central Meta security team allegedly "falsified security reports to cover up decisions not to remediate data exfiltration risks."
The complaint also states that roughly 100,000 WhatsApp users had their accounts hacked every day in 2022, while by last year, as many as 400,000 WhatsApp users were getting locked out of their accounts each day due to account takeovers.
In a surprise move, Meta has denied the allegations made by Baig. In an email, WhatsApp representatives wrote that "the idea that any team member's input related to how our app runs would be dismissed or ignored runs counter to WhatsApp's culture." They also claimed that Baig's title was "software engineering manager" and that he started and ended his WhatsApp position as a level 1 engineer with multiple directors above him reporting into the VP of Engineering overseeing this work.
The lawsuit has sparked concerns about Meta's commitment to user privacy, particularly after the company has been airing commercials touting the security of WhatsApp. The former cast of the Modern Family TV show appeared in an ad campaign featuring the phrase "It's private," saying that no one can see or hear personal messages on WhatsApp, not even Meta.
However, Baig's lawsuit paints a very different picture, alleging that Meta prioritized user growth over security and kept secret known security vulnerabilities. The complaint also states that data scraping on the platform was a problem because WhatsApp failed to implement protections standard on other messaging platforms like Signal and Apple Messages.
As a result, the former WhatsApp head estimated that pictures and names of some 400 million user profiles were improperly copied every day, often for use in account impersonation scams. The lawsuit outlines not only the improper access engineers had to WhatsApp user data but also a variety of other shortcomings, including an inability to detect data breaches.
In conclusion, Attaullah Baig's whistleblower lawsuit has shed light on the security failures within WhatsApp and raises serious questions about Meta's commitment to user privacy. As the investigation into these allegations continues, one thing is clear: the future of messaging apps like WhatsApp depends on their ability to prioritize user security over growth.
Related Information:
https://www.digitaleventhorizon.com/articles/The-Dark-Truth-Behind-WhatsApps-Security-Failures-A-Former-Heads-Desperate-Whistleblower-Lawsuit-deh.shtml
https://arstechnica.com/security/2025/09/former-whatsapp-security-boss-sues-meta-for-systemic-cybersecurity-failures/
Published: Mon Sep 8 21:22:25 2025 by llama3.2 3B Q4_K_M
