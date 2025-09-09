Image: Dimitri Karastelev/Unsplash

A former WhatsApp executive has filed a lawsuit against Meta, alleging the company ignored serious security flaws that put billions of users at risk. The case, lodged in the US District Court for the Northern District of California, was brought by Attaullah Baig, who served as WhatsApp’s head of security from 2021 until earlier this year.

Baig alleges that thousands of Meta and WhatsApp employees could access sensitive user data — including profile pictures, contact lists, and location details — without proper oversight. He also claims the company turned a blind eye to large-scale account hacking, which he says reached more than 100,000 accounts a day.

According to the complaint, Baig repeatedly warned senior leaders, including Meta CEO Mark Zuckerberg, about the risks. Instead of addressing his concerns, the company allegedly retaliated by issuing negative performance reviews and ultimately fired him in February.

Baig argues that the company’s actions violated a 2019 privacy settlement with the Federal Trade Commission (FTC) that required Meta to strengthen user protections following the Cambridge Analytica scandal.

“There are just so many harms that the users face,” Baig told The New York Times. “This is about holding Meta accountable and putting the interests of users first.”

Meta pushes back

Meta strongly disputes Baig’s claims. “Sadly, this is a familiar playbook in which a former employee is dismissed for poor performance and then goes public with distorted claims that misrepresent the ongoing hard work of our team,” Carl Woog, WhatsApp’s vice president of global communications, said in a statement cited by The New York Times.

Meta also noted that the Occupational Safety and Health Administration (OSHA) dismissed Baig’s initial retaliation complaint earlier this year.

Baig’s case adds to a growing list of whistleblower challenges against Meta, whose platforms include Facebook, Instagram, and WhatsApp. Over the past few years, the company has faced fines and investigations in both the US and Europe for its handling of user data and privacy practices.

In 2019, Meta paid a record $5 billion penalty to the FTC to settle privacy-related charges. Since then, regulators have continued to monitor its platforms, including WhatsApp, which is now used by more than three billion people worldwide.

Baig, who previously worked in cybersecurity at PayPal and Capital One, says his goal is not only compensation but also regulatory enforcement. He claims that Meta’s failures continue to put users at risk and believes stronger accountability is needed.

The lawsuit seeks reinstatement, back pay, damages, and further regulatory action against Meta. While the case is still in its early stages, it has already renewed scrutiny over how one of the world’s largest tech companies handles personal data and protects its users.