Former WhatsApp Head of Cybersecurity, Ataullah Baig, has filed a lawsuit against Meta. Baig claims that there are several security vulnerabilities in the WhatsApp system, which could lead to user data theft or compromise. He warned company executives, but his concerns were ignored, and he was terminated from his job. The lawsuit also states that approximately 1,500 Meta engineers have direct access to user data with insufficient oversight.
WhatsApp Security Controversy: A former employee has made serious allegations against Meta and filed a lawsuit. In the case filed in the Northern District of California, Indian-origin cybersecurity expert Ataullah Baig, who served as WhatsApp's Head of Cybersecurity from 2021 to 2025, stated that security vulnerabilities exist on the platform. He alleges that the company's 1,500 engineers have access to users' sensitive data without adequate monitoring. He had informed senior management and CEO Mark Zuckerberg about this, but no action was taken, after which he was dismissed from his job.
Former Employee Files Lawsuit Against Meta
Ataullah Baig, a former Head of Cybersecurity at WhatsApp, has filed a lawsuit against Meta, leveling serious allegations. Baig claims that numerous security vulnerabilities exist within the WhatsApp system, potentially leading to the theft or compromise of user data. He had informed the company's senior executives and CEO Mark Zuckerberg about these issues, but his warnings were disregarded, and he was subsequently terminated.
This lawsuit against Meta has been filed in the Northern District of California. The case alleges that approximately 1,500 Meta engineers have direct access to WhatsApp user data, and there is insufficient oversight of this access. This data includes sensitive information such as users' contact information, IP addresses, and profile photos.
Cybersecurity Vulnerabilities and Company's Response
Baig stated that he discovered these security flaws after joining WhatsApp, which he claims violate federal laws and Meta's legal obligations. Despite his complaints, Meta failed to take any preventative measures. Within three days of reporting, he began receiving negative feedback regarding his performance.
Meta has refuted Baig's allegations, stating that the claims are incomplete and inaccurate. A company spokesperson explained that sometimes terminated employees make misleading claims based on poor performance. Meta also clarified that it takes pride in its privacy protection policies and is committed to safeguarding user information.
Data Security and Future Action
According to experts, this case highlights the urgent need for greater attention to user data security and cybersecurity measures. If Baig's claims are proven true in court, Meta may be required to make changes to its security protocols. This case not only exposes the company's responsibilities but also increases the likelihood of stricter regulations for user safety on digital platforms.
