Digital Event Horizon
Meta, WhatsApp's parent company, has been accused of prioritizing user growth over security, according to a whistleblower lawsuit filed by Attaullah Baig, the former head of WhatsApp security. The suit alleges that Meta failed to address systemic cybersecurity flaws, including giving thousands of employees unrestricted access to sensitive user data. This article will delve into the allegations made against Meta and the implications for user privacy.
Whistleblower Attaullah Baig alleges systemic cybersecurity failures at WhatsApp, putting thousands of users' data at risk. Baig discovered 1,500 engineers had unrestricted access to user data, including personal info covered by the FTC Privacy Order. Meta allegedly ignored these security vulnerabilities despite being aware of them since 2021. The company prioritized user growth over security, leading to a culture where employees were reluctant to report breaches or blow the whistle on wrongdoing. Data scraping on WhatsApp allowed for account impersonation scams, with millions of user profiles improperly copied daily. Account takeovers and data breaches occurred at an alarming rate, with 100,000 users hacked every day and 400,000 locked out of their accounts daily.
Meta, the social media giant behind Facebook, Instagram, and WhatsApp, has been embroiled in a heated controversy over its handling of security and user data. A whistleblower lawsuit filed by Attaullah Baig, the former head of WhatsApp security, has shed light on alleged systemic cybersecurity failures at Meta, which have left thousands of users vulnerable to data breaches.
According to the lawsuit, Baig discovered "systemic cybersecurity failures that posed serious risks to user data" during his tenure as WhatsApp's head of security in 2021. During a red-team exercise designed to identify and exploit security vulnerabilities, Baig found that roughly 1,500 engineers inside the WhatsApp messenger division had unrestricted access to user data, including personal information covered by the Federal Trade Commission (FTC) Privacy Order.
This meant that these employees could move or steal sensitive user data without detection or an audit trail. The lawsuit alleges that Meta failed to address this issue despite being aware of it since at least 2021. Baig had notified his superiors about the problem and drafted a document directing the WhatsApp privacy infrastructure team to implement a data classification and handling system that would comply with the FTC settlement.
However, instead of addressing the issue, Meta allegedly rebuffed the recommendation, citing concerns that it would hamper WhatsApp user growth. The lawsuit claims that this prioritization of user growth over security led to a culture within Meta where employees were reluctant to report security breaches or blow the whistle on alleged wrongdoing.
Baig's allegations also point to a lack of transparency and accountability at Meta. He allegedly notified superiors that data scraping on the platform was a problem, but WhatsApp failed to implement protections that are standard on other messaging platforms, such as Signal and Apple Messages. As a result, pictures and names of millions of user profiles were improperly copied every day for use in account impersonation scams.
The lawsuit also highlights an alarming number of account takeovers and data breaches at WhatsApp. According to the complaint, roughly 100,000 WhatsApp users had their accounts hacked every day, while as many as 400,000 users were getting locked out of their accounts each day due to these security vulnerabilities.
Baig's concerns were allegedly met with resistance from Meta leaders, and he was dismissed for what the company calls "poor performance." The lawsuit also accuses Meta of violating its own settlement agreement with the FTC, which mandated the reporting of security vulnerabilities.
In a statement, a WhatsApp representative wrote: "Sadly this is a familiar playbook in which a former employee is dismissed for poor performance and then goes public with distorted claims that misrepresent the ongoing hard work of our team. Security is an adversarial space and we pride ourselves in building on our strong record of protecting people's privacy."
The whistleblower lawsuit has sparked widespread concern over Meta's handling of user data and security. If true, these allegations would be a serious blow to the company's reputation and could have far-reaching implications for users' trust and confidence in the platform.
As the investigation into these allegations continues, one thing is clear: the relationship between security, privacy, and corporate culture must be scrutinized more closely than ever before. The question now is what actions Meta will take to address these concerns and restore user trust.
Published: Mon Sep 8 16:53:27 2025 by llama3.2 3B Q4_K_M