WhatsApp’s ex security chief accuses Meta of putting billions at risk

The former security chief of WhatsApp has accused the messaging app’s parent company Meta of violating cyber security regulations and putting billions of users at risk.

Attaullah Baig, who joined the company in 2021 before his contract was terminated in 2025, filed a lawsuit with the US District Court for the Northern District of California on Monday alleging that Meta dismissed security issues to instead prioritise user growth.

The lawsuit claims that WhatsApp, which has more than 3 billion users worldwide, failed to address the hacking and takeover of more than 100,000 accounts each day.

The 115-page document also alleges that around 1,500 engineers at WhatsApp and Meta could access sensitive user information, including pictures, location and contact lists “without detection or audit trail”.

If true, the actions would violate a privacy settlement between Meta and the Federal Trade Commission (FTC) in 2019 relating to charges of mishandling user information.

Mr Baig said that he was fired in February after warning Meta executives, including chief executive Mark Zuckerberg, of the security issues.

“We have a fiduciary responsibility to protect our users and their data,” Mr Baig told WhatsApp executives in 2022, according to the lawsuit. “The penalties can be severe in terms of brand damages and fines.”

Mr Baig had previously held security roles at several major financial institutions, including Capital One and PayPal.

WhatsApp described his allegations as “distorted” and claimed that the Department of Labor’s Occupational Safety and Health Administration had dismissed Mr Baig’s complaint.

Get 64% off Proton VPN

Servers in over 120 countries
connect up to 10 devices
30-day money back guarantee

Get the Deal

ADVERTISEMENT. If you sign up to this service we will earn commission. This revenue helps to fund journalism across The Independent.

Get 64% off Proton VPN

Servers in over 120 countries
connect up to 10 devices
30-day money back guarantee

Get the Deal

ADVERTISEMENT. If you sign up to this service we will earn commission. This revenue helps to fund journalism across The Independent.

“Sadly this is a familiar playbook in which a former employee is dismissed for poor performance and then goes public with distorted claims that misrepresent the ongoing hard work of our team,” said WhatsApp’s vice president of communications Carl Woog in a statement.

“Security is an adversarial space, and we pride ourselves in building on our strong record of protecting people’s privacy.”

Meta, which also owns Facebook and Instagram, has previously been charged with the improper harvesting of data of 50 million Facebook users during the Cambridge Analytica scandal.

Mr Baig has requested compensation, back pay and reinstatement to his role at WhatsApp.